Re: [libvirt] [PATCH] Fix security driver handling of FIFOs with QEMU

Tue, 03 May 2011 08:27:16 -0700 

On 05/03/2011 08:41 AM, Daniel P. Berrange wrote:
> When setting up a FIFO for QEMU, it allows either a pair
> of fifos used unidirectionally, or a single fifo used
> bidirectionally. Look for the bidirectional fifo first
> when labelling since that is more useful
> 
> * src/security/security_dac.c,
>   src/security/security_selinux.c: Fix fifo handling
> ---
>  src/security/security_dac.c     |   19 ++++++++++++-------
>  src/security/security_selinux.c |   19 ++++++++++++-------
>  2 files changed, 24 insertions(+), 14 deletions(-)
> 
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index fba2d1d..b8642d2 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
>          break;
>  
>      case VIR_DOMAIN_CHR_TYPE_PIPE:
> -        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
> -            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
> -            virReportOOMError();
> -            goto done;
> +        if (virFileExists(dev->data.file.path)) {
> +            if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, 
> priv->group) < 0)
> +                goto done;
> +        } else {
> +            if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
> +                (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
> +                virReportOOMError();
> +                goto done;
> +            }
> +            if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 
> 0) ||
> +                (virSecurityDACSetOwnership(out, priv->user, priv->group) < 
> 0))
> +                goto done;
>          }
> -        if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
> -            (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
> -            goto done;

ACK.  The old code never even considered the bi-directional case.  (By
the way, bi-directional FIFOs are a Linux extension; they are not
guaranteed by POSIX, but I don't think that affects this patch.)

-- 
Eric Blake   [email protected]    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to