[libvirt] [PATCH] Generate a valid imagelabel even for type 'none'
Commit 2ce63c1 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label: $ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument --- src/security/security_selinux.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index aa47667..448f686 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, break; case VIR_DOMAIN_SECLABEL_NONE: -/* no op */ +if (virSecuritySELinuxMCSGetProcessRange(sens, + catMin, + catMax) 0) +goto cleanup; + +if (VIR_STRDUP(mcs, sens) 0) +goto cleanup; + break; default: -- 1.8.3.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Generate a valid imagelabel even for type 'none'
On 02/05/2014 11:47 AM, Ján Tomko wrote: Commit 2ce63c1 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label: $ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument --- src/security/security_selinux.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ACK. +++ b/src/security/security_selinux.c @@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, break; case VIR_DOMAIN_SECLABEL_NONE: -/* no op */ +if (virSecuritySELinuxMCSGetProcessRange(sens, + catMin, + catMax) 0) +goto cleanup; + +if (VIR_STRDUP(mcs, sens) 0) +goto cleanup; + break; default: -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Generate a valid imagelabel even for type 'none'
On 02/05/2014 07:54 PM, Eric Blake wrote: On 02/05/2014 11:47 AM, Ján Tomko wrote: Commit 2ce63c1 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label: $ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument --- src/security/security_selinux.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ACK. Thanks, pushed. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list