From: "Richard W.M. Jones" <[email protected]>

libvirt skips labelling these, for unknown reasons.  This breaks
libguestfs.  Adding this and some SELinux rules (RHBZ#857453) fixes
everything for me.
---
 src/security/security_selinux.c |   12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a7e2420..c3b33f8 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1230,6 +1230,7 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr 
def,
     switch (dev->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
+    case VIR_DOMAIN_CHR_TYPE_UNIX:
         ret = virSecuritySELinuxSetFilecon(dev->data.file.path, 
secdef->imagelabel);
         break;
 
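Review bot: The new `VIR_DOMAIN_CHR_TYPE_UNIX` case reads the path through `dev->data.file.path`, the union member used by the DEV/FILE sources; a UNIX source keeps its path in `data.nix`, so this only works while both members happen to begin with the path pointer. The case also relabels unconditionally: for a listen-mode socket QEMU creates the file itself, so the path may not exist yet when labels are applied, and a failing setfilecon would presumably abort domain start. I would give UNIX its own case that uses `data.nix.path` and skips listen-mode sockets, and mirror that in the restore hunk of virSecuritySELinuxRestoreSecurityChardevLabel, where a socket already removed by QEMU would otherwise take the `goto done` error path. The switch and both function bodies continue outside the hunks.

```c
    case VIR_DOMAIN_CHR_TYPE_FILE:
        /* … unchanged: DEV/FILE labelling via dev->data.file.path … */

    case VIR_DOMAIN_CHR_TYPE_UNIX:
        /* A listening socket is created by QEMU after labelling runs,
         * so only relabel sockets that already exist (client mode). */
        if (!dev->data.nix.listen)
            ret = virSecuritySELinuxSetFilecon(dev->data.nix.path,
                                               secdef->imagelabel);
        else
            ret = 0;
        break;
```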
@@ -1280,6 +1281,7 @@ 
virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
     switch (dev->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
+    case VIR_DOMAIN_CHR_TYPE_UNIX:
         if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 
0)
             goto done;
         ret = 0;
@@ -1318,11 +1320,6 @@ 
virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
                                                  virDomainChrDefPtr dev,
                                                  void *opaque ATTRIBUTE_UNUSED)
 {
-    /* This is taken care of by processing of def->serials */
-    if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
-        dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
-        return 0;
-
     return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source);
 }
 
@@ -1698,11 +1695,6 @@ 
virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def,
                                              virDomainChrDefPtr dev,
                                              void *opaque ATTRIBUTE_UNUSED)
 {
-    /* This is taken care of by processing of def->serials */
-    if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
-        dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
-        return 0;
-
     return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source);
 }
 
-- 
1.7.10.4
