[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] selinux: Properly check TAP FD label



After a4431931 the TAP FDs ale labeled with image label instead
of the process label. On the other hand, the commit was
incomplete as a few lines above, there's still old check for the
process label presence while it should be check for the image
label instead.

Signed-off-by: Michal Privoznik <mprivozn redhat com>
---

Pushed under trivial rule.

After this commit, the function is completely the same as
virSecuritySELinuxSetImageFDLabel(). However I'd like to keep
them separate because there's an ongoing bug:

    https://bugzilla.redhat.com/show_bug.cgi?id=1095636

so with fair chance the TapFDLabel() function will be rewritten
soon.

 src/security/security_selinux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 7064158..bf67fb5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2347,7 +2347,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     virSecurityLabelDefPtr secdef;
 
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!secdef || !secdef->label)
+    if (!secdef || !secdef->imagelabel)
         return 0;
 
     return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
-- 
1.8.5.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]