[libvirt] [PATCH] Fix security driver handling of FIFOs with QEMU

Daniel P. Berrange berrange at redhat.com
Tue May 3 14:41:02 UTC 2011


When setting up a FIFO, QEMU allows either a pair
of FIFOs used unidirectionally, or a single FIFO used
bidirectionally. Look for the bidirectional FIFO first
when labelling, since that is more useful.

* src/security/security_dac.c,
  src/security/security_selinux.c: Fix fifo handling
---
 src/security/security_dac.c     |   19 ++++++++++++-------
 src/security/security_selinux.c |   19 ++++++++++++-------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index fba2d1d..b8642d2 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
         break;
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
-        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
-            virReportOOMError();
-            goto done;
+        if (virFileExists(dev->data.file.path)) {
+            if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0)
+                goto done;
+        } else {
+            if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+                (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
+                virReportOOMError();
+                goto done;
+            }
+            if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
+                (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
+                goto done;
         }
-        if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
-            (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
-            goto done;
         ret = 0;
         break;
 
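Review bot: `virFileExists(dev->data.file.path)` only establishes that something exists at that path, so the new branch hands whatever is there to `priv->user`/`priv->group`, FIFO or not, and the object can change between the check and the `virSecurityDACSetOwnership()` call. That matters if the path can sit in a directory writable by a less-privileged user, presumably because ownership is applied by path name. Consider confirming the type before labelling, e.g. `if (stat(dev->data.file.path, &sb) == 0 && S_ISFIFO(sb.st_mode))`, which narrows the window without closing it, and adding a comment such as `/* Prefer the single bidirectional FIFO; fall back to the .in/.out pair */`. The SELinux hunk has the same check-then-label shape around `SELinuxSetFilecon()`. The enclosing function starts and ends outside this hunk.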
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 216208e..476bbbf 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -733,14 +733,19 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
         break;
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
-        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
-            virReportOOMError();
-            goto done;
+        if (virFileExists(dev->data.file.path)) {
+            if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
+                goto done;
+        } else {
+            if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+                (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
+                virReportOOMError();
+                goto done;
+            }
+            if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
+                (SELinuxSetFilecon(out, secdef->imagelabel) < 0))
+                goto done;
         }
-        if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
-            (SELinuxSetFilecon(out, secdef->imagelabel) < 0))
-            goto done;
         ret = 0;
         break;
 
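Review bot: Nothing in this patch touches the restore side, so a FIFO labelled through the new `virFileExists()` branch may keep `secdef->imagelabel` after the domain stops; the diffstat lists only this hunk and the matching one in security_dac.c. If the restore code for `VIR_DOMAIN_CHR_TYPE_PIPE` still builds only the `.in`/`.out` names (not visible here), it should apply the same existence test so that set and restore stay symmetric. A short comment on this case, e.g. `/* Keep in sync with the restore path for VIR_DOMAIN_CHR_TYPE_PIPE */`, would make the pairing explicit. The DAC hunk has the same asymmetry for ownership. The function body continues outside the hunk.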
-- 
1.7.4.4



