Re: [libvirt] [PATCH] Fix security driver handling of FIFOs with QEMU
On 05/03/2011 08:41 AM, Daniel P. Berrange wrote:
When setting up a FIFO for QEMU, it allows either a pair
of fifos used unidirectionally, or a single fifo used
bidirectionally. Look for the bidirectional fifo first
when labelling since that is more useful
* src/security/security_dac.c,
src/security/security_selinux.c: Fix fifo handling
---
src/security/security_dac.c | 19 ++++++++++++-------
src/security/security_selinux.c | 19 ++++++++++++-------
2 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index fba2d1d..b8642d2 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
break;
case VIR_DOMAIN_CHR_TYPE_PIPE:
- if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
- (virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
{
- virReportOOMError();
- goto done;
+ if (virFileExists(dev->data.file.path)) {
+ if (virSecurityDACSetOwnership(dev->data.file.path, priv->user,
priv->group) < 0)
+ goto done;
+ } else {
+ if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0)
||
+ (virAsprintf(&out, "%s.out", dev->data.file.path) <
0)) {
+ virReportOOMError();
+ goto done;
+ }
+ if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0)
||
+ (virSecurityDACSetOwnership(out, priv->user, priv->group) <
0))
+ goto done;
}
- if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
- (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
- goto done;
ACK. The old code never even considered the bi-directional case. (By
the way, bi-directional FIFOs are a Linux extension; they are not
guaranteed by POSIX, but I don't think that affects this patch.)
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)