[libvirt] [PATCH v1 24/37] Adapt to VIR_ALLOC and virAsprintf in src/security/*

Michal Privoznik mprivozn at redhat.com
Thu Jul 4 12:06:47 UTC 2013


---
 src/security/security_apparmor.c | 25 ++++++------------------
 src/security/security_dac.c      | 12 +++---------
 src/security/security_manager.c  |  8 ++------
 src/security/security_selinux.c  | 41 ++++++++++++----------------------------
 src/security/security_stack.c    |  8 ++------
 5 files changed, 25 insertions(+), 69 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 50b0e74..eb80d23 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -77,16 +77,13 @@ profile_status(const char *str, const int check_enforcing)
     int rc = -1;
 
     /* create string that is '<str> \0' for accurate matching */
-    if (virAsprintf(&tmp, "%s ", str) == -1) {
-        virReportOOMError();
+    if (virAsprintf(&tmp, "%s ", str) == -1)
         return rc;
-    }
 
     if (check_enforcing != 0) {
         /* create string that is '<str> (enforce)\0' for accurate matching */
         if (virAsprintf(&etmp, "%s (enforce)", str) == -1) {
             VIR_FREE(tmp);
-            virReportOOMError();
             return rc;
         }
     }
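Review bot: The virAsprintf() failure checks in security_apparmor.c are spelled two ways: `== -1` here and in the profile_status_file, AppArmorSecurityManagerProbe and AppArmorSetFDLabel hunks, but `< 0` in get_profile_name and in the other four files of this patch. Every one of these lines is rewritten by the patch anyway, so `if (virAsprintf(&tmp, "%s ", str) < 0)` throughout would keep the error convention uniform. profile_status starts before and continues after this hunk.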
@@ -132,10 +129,8 @@ profile_status_file(const char *str)
     int rc = -1;
     int len;
 
-    if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1) {
-        virReportOOMError();
+    if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1)
         return rc;
-    }
 
     if (!virFileExists(profile))
         goto failed;
@@ -147,10 +142,8 @@ profile_status_file(const char *str)
     }
 
     /* create string that is ' <str> flags=(complain)\0' */
-    if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1) {
-        virReportOOMError();
+    if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1)
         goto failed;
-    }
 
     if (strstr(content, tmp) != NULL)
         rc = 0;
@@ -231,10 +224,8 @@ get_profile_name(virDomainDefPtr def)
     char *name = NULL;
 
     virUUIDFormat(def->uuid, uuidstr);
-    if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) {
-        virReportOOMError();
+    if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0)
         return NULL;
-    }
 
     return name;
 }
@@ -363,10 +354,8 @@ AppArmorSecurityManagerProbe(const char *virtDriver)
 
     /* see if template file exists */
     if (virAsprintf(&template, "%s/TEMPLATE",
-                               APPARMOR_DIR "/libvirt") == -1) {
-        virReportOOMError();
+                               APPARMOR_DIR "/libvirt") == -1)
         return rc;
-    }
 
     if (!virFileExists(template)) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -920,10 +909,8 @@ AppArmorSetFDLabel(virSecurityManagerPtr mgr,
     if (secdef->imagelabel == NULL)
         return 0;
 
-    if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
-        virReportOOMError();
+    if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1)
         return rc;
-    }
 
     if (virFileResolveLink(proc, &fd_path) < 0) {
         /* it's a deleted file, presumably.  Ignore? */
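Review bot: The comment `/* it's a deleted file, presumably.  Ignore? */` leaves undecided whether a failed virFileResolveLink() should skip labelling or fail the call. The rest of the branch is outside this hunk, so the actual outcome is not visible here. Because this function applies a security label to an fd, the comment should state the chosen behaviour and the reason. If the branch does return success, something like `/* fd no longer resolves to a path (file deleted); nothing to label, treated as success */` would do.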
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0d6defc..365ab8b 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -713,10 +713,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
         if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
-            virReportOOMError();
+            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
             goto done;
-        }
         if (virFileExists(in) && virFileExists(out)) {
             if ((virSecurityDACSetOwnership(in, user, group) < 0) ||
                 (virSecurityDACSetOwnership(out, user, group) < 0)) {
@@ -755,10 +753,8 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
         if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
-            (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
-            virReportOOMError();
+            (virAsprintf(&in, "%s.in", dev->data.file.path) < 0))
             goto done;
-        }
         if (virFileExists(in) && virFileExists(out)) {
             if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) ||
                 (virSecurityDACRestoreSecurityFileLabel(in) < 0)) {
@@ -1084,10 +1080,8 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr,
     case VIR_DOMAIN_SECLABEL_DYNAMIC:
         if (virAsprintf(&seclabel->label, "%u:%u",
                         (unsigned int) priv->user,
-                        (unsigned int) priv->group) < 0) {
-            virReportOOMError();
+                        (unsigned int) priv->group) < 0)
             return rc;
-        }
         if (seclabel->label == NULL) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("cannot generate dac user and group id "
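Review bot: The `if (seclabel->label == NULL)` check after the virAsprintf() call looks unreachable, because it only runs once virAsprintf() has returned a non-negative value, and a successful call leaves a non-NULL string in `seclabel->label`. Now that the OOM path is a bare `return rc;`, this second branch and its "cannot generate dac user and group id" error could be dropped. If it is kept, a short comment such as `/* defensive: virAsprintf() success implies non-NULL */` would explain why. The virReportError() call continues past the end of the hunk.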
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index f5ea73a..729d0e3 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -80,10 +80,8 @@ static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr dr
               allowDiskFormatProbing, defaultConfined,
               requireConfined);
 
-    if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) {
-        virReportOOMError();
+    if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0)
         return NULL;
-    }
 
     if (!(mgr = virObjectLockableNew(virSecurityManagerClass))) {
         VIR_FREE(privateData);
@@ -701,10 +699,8 @@ virSecurityManagerGetNested(virSecurityManagerPtr mgr)
         return virSecurityStackGetNested(mgr);
     }
 
-    if (VIR_ALLOC_N(list, 2) < 0) {
-        virReportOOMError();
+    if (VIR_ALLOC_N(list, 2) < 0)
         return NULL;
-    }
 
     list[0] = mgr;
     list[1] = NULL;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 8842d85..62bfc73 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -141,20 +141,16 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
 
         if (c1 == c2) {
-            if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0) {
-                virReportOOMError();
+            if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0)
                 return NULL;
-            }
         } else {
             if (c1 > c2) {
                 int t = c1;
                 c1 = c2;
                 c2 = t;
             }
-            if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0) {
-                virReportOOMError();
+            if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0)
                 return NULL;
-            }
         }
 
         if (virHashLookup(data->mcs, mcs) == NULL)
@@ -630,7 +626,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
 
         range = context_range_get(ctx);
         if (!range) {
-            virReportOOMError();
+            virReportSystemError(errno, "%s", _("unable to get selinux context range"));
             goto cleanup;
         }
         if (VIR_STRDUP(mcs, range) < 0)
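Review bot: `virReportSystemError(errno, ...)` after `context_range_get(ctx)` will report a stale errno if that getter can return NULL without setting it, for example when the context string has no range field. Nothing in this hunk shows that errno is set on this path. Reporting with `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unable to get selinux context range"));` would avoid attributing the failure to an unrelated system error in the log. The `context_range_get(ctx)` call at the end of the virSecuritySELinuxGenImageLabel hunk has its check outside that hunk and may need the same treatment. virSecuritySELinuxGenSecurityLabel starts and ends outside this hunk.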
@@ -1392,10 +1388,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
     case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: {
         if (vroot) {
             if (virAsprintf(&path, "%s/%s", vroot,
-                            dev->source.caps.u.storage.block) < 0) {
-                virReportOOMError();
+                            dev->source.caps.u.storage.block) < 0)
                 return -1;
-            }
         } else {
             if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
                 return -1;
@@ -1408,10 +1402,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
     case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: {
         if (vroot) {
             if (virAsprintf(&path, "%s/%s", vroot,
-                            dev->source.caps.u.misc.chardev) < 0) {
-                virReportOOMError();
+                            dev->source.caps.u.misc.chardev) < 0)
                 return -1;
-            }
         } else {
             if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
                 return -1;
@@ -1582,10 +1574,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
     case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: {
         if (vroot) {
             if (virAsprintf(&path, "%s/%s", vroot,
-                            dev->source.caps.u.storage.block) < 0) {
-                virReportOOMError();
+                            dev->source.caps.u.storage.block) < 0)
                 return -1;
-            }
         } else {
             if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
                 return -1;
@@ -1598,10 +1588,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
     case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: {
         if (vroot) {
             if (virAsprintf(&path, "%s/%s", vroot,
-                            dev->source.caps.u.misc.chardev) < 0) {
-                virReportOOMError();
+                            dev->source.caps.u.misc.chardev) < 0)
                 return -1;
-            }
         } else {
             if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
                 return -1;
@@ -1695,10 +1683,8 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
         if ((virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) {
-            virReportOOMError();
+            (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0))
             goto done;
-        }
         if (virFileExists(in) && virFileExists(out)) {
             if ((virSecuritySELinuxSetFilecon(in, imagelabel) < 0) ||
                 (virSecuritySELinuxSetFilecon(out, imagelabel) < 0)) {
@@ -1762,10 +1748,8 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
         if ((virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) ||
-            (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) {
-            virReportOOMError();
+            (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0))
             goto done;
-        }
         if (virFileExists(in) && virFileExists(out)) {
             if ((virSecuritySELinuxRestoreSecurityFileLabel(mgr, out) < 0) ||
                 (virSecuritySELinuxRestoreSecurityFileLabel(mgr, in) < 0)) {
@@ -2399,7 +2383,8 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
     if (secdef->label) {
         ctx = context_new(secdef->label);
         if (!ctx) {
-            virReportOOMError();
+            virReportSystemError(errno, _("unable to create selinux context for: %s"),
+                                 secdef->label);
             goto cleanup;
         }
         range = context_range_get(ctx);
@@ -2432,10 +2417,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
         if (secdef->imagelabel &&
             virAsprintf(&opts,
                         ",context=\"%s\"",
-                        (const char*) secdef->imagelabel) < 0) {
-            virReportOOMError();
+                        (const char*) secdef->imagelabel) < 0)
             return NULL;
-        }
     }
 
     if (!opts && VIR_STRDUP(opts, "") < 0)
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 14d757d..9afc641 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -53,10 +53,8 @@ virSecurityStackAddNested(virSecurityManagerPtr mgr,
     while (tmp && tmp->next)
         tmp = tmp->next;
 
-    if (VIR_ALLOC(item) < 0) {
-        virReportOOMError();
+    if (VIR_ALLOC(item) < 0)
         return -1;
-    }
     item->securityManager = nested;
     if (tmp)
         tmp->next = item;
@@ -520,10 +518,8 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
     for (item = priv->itemsHead; item; item = item->next)
         len++;
 
-    if (VIR_ALLOC_N(list, len + 1) < 0) {
-        virReportOOMError();
+    if (VIR_ALLOC_N(list, len + 1) < 0)
         return NULL;
-    }
 
     for (item = priv->itemsHead; item; item = item->next, i++)
         list[i] = item->securityManager;
-- 
1.8.1.5



