[libvirt] [PATCH v4 3/5] Update security layer to handle many security labels

Viktor Mihajlovski mihajlov at linux.vnet.ibm.com
Tue Aug 21 10:45:47 UTC 2012 

On 08/16/2012 12:10 AM, Marcelo Cerri wrote:

> -    if (!def->seclabels[0]->norelabel) {
> -        def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext(
> -                                                    data->file_context, mcs);
> -        if (!def->seclabels[0]->imagelabel)  {
> +    if (!seclabel->norelabel) {
> +        seclabel->imagelabel = virSecuritySELinuxGenNewContext(
> +                                                    data->domain_context, mcs);
> +        if (!seclabel->imagelabel)  {
>               virReportError(VIR_ERR_INTERNAL_ERROR,
>                              _("cannot generate selinux context for %s"), mcs);
>               goto cleanup;
>           }
>       }
> 
> -    if (!def->seclabels[0]->model &&
> -        !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) {
> +    if (!seclabel->model &&
> +        !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) {
>           virReportOOMError();
>           goto cleanup;
>       }

the patch breaks the object labelling again ... please apply the following patch to fix, thanks!

Image context must always use data->file_context.

Signed-off-by: Viktor Mihajlovski <mihajlov at linux.vnet.ibm.com>
---
 src/security/security_selinux.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index eea8fbd..da2a9c4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -450,9 +450,10 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
     }
 
     if (!seclabel->norelabel) {
-        seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->domain_context,
-                                                               mcs,
-                                                               true);
+        seclabel->imagelabel =
+            virSecuritySELinuxGenNewContext(data->file_context,
+                                            mcs,
+                                            true);
         if (!seclabel->imagelabel)  {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("cannot generate selinux context for %s"), mcs);
-- 
1.7.0.4


-- 

Mit freundlichen Grüßen/Kind Regards
   Viktor Mihajlovski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294

More information about the libvir-list mailing list