This function should really be called only when we want to change
ownership of a file (or disk source). Let's switch to calling a
wrapper function which will eventually record the current owner
of the file and call virSecurityDACSetOwnershipInternal
subsequently.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_dac.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index ccd9261..a38c46c 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -357,12 +357,13 @@ virSecurityDACSetOwnershipInternal(virSecurityDACDataPtr priv,
static int
virSecurityDACSetOwnership(virSecurityDACDataPtr priv,
+ virStorageSourcePtr src,
const char *path,
uid_t uid,
gid_t gid)
{
/* XXX record previous ownership */
- return virSecurityDACSetOwnershipInternal(priv, NULL, path, uid, gid);
+ return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
}
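Review bot: virSecurityDACSetOwnership now takes both `src` and `path`, but nothing in the wrapper says how the two relate. Every call site in this patch passes exactly one of them and NULL for the other. The XXX comment says this wrapper will later record the previous owner, so the object being recorded should be unambiguous before that code lands; otherwise the owner could be recorded for one object and changed on another. I would add a header comment above the function such as `/* Exactly one of @src and @path is expected to be non-NULL; @src is used for disk sources, @path for plain files. */`, adjusted to whatever virSecurityDACSetOwnershipInternal actually does with a NULL `path`, which is not visible in this hunk.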
@@ -418,7 +419,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
return -1;
}
- return virSecurityDACSetOwnershipInternal(priv, src, NULL, user, group);
+ return virSecurityDACSetOwnership(priv, src, NULL, user, group);
}
@@ -526,7 +527,7 @@ virSecurityDACSetSecurityHostdevLabelHelper(const char *file,
if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL))
return -1;
- return virSecurityDACSetOwnership(priv, file, user, group);
+ return virSecurityDACSetOwnership(priv, NULL, file, user, group);
}
@@ -826,7 +827,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
switch ((virDomainChrType) dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- ret = virSecurityDACSetOwnership(priv, dev_source->data.file.path,
+ ret = virSecurityDACSetOwnership(priv, NULL,
+ dev_source->data.file.path,
user, group);
break;
@@ -835,11 +837,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
(virAsprintf(&out, "%s.out", dev_source->data.file.path)
< 0))
goto done;
if (virFileExists(in) && virFileExists(out)) {
- if ((virSecurityDACSetOwnership(priv, in, user, group) < 0) ||
- (virSecurityDACSetOwnership(priv, out, user, group) < 0)) {
+ if ((virSecurityDACSetOwnership(priv, NULL, in, user, group) < 0) ||
+ (virSecurityDACSetOwnership(priv, NULL, out, user, group) < 0)) {
goto done;
}
- } else if (virSecurityDACSetOwnership(priv, dev_source->data.file.path,
+ } else if (virSecurityDACSetOwnership(priv, NULL,
+ dev_source->data.file.path,
user, group) < 0) {
goto done;
}
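Review bot: In the `in`/`out` pipe pair, if the first virSecurityDACSetOwnership call succeeds and the second fails, the code jumps to `done` with `in` already re-owned, and nothing in this hunk undoes it. The nvram/kernel/initrd/dtb sequence in the virSecurityDACSetSecurityAllLabel hunk has the same shape, returning early after some files have changed owner. That behaviour predates this patch, but it matters more once the wrapper records the previous owner, because a partial failure would leave recorded state for only some of the files. A short comment at the condition would make the expectation explicit, e.g. `/* on failure 'in' may already carry the new owner; the caller is expected to restore labels */`. The function starts and ends outside the hunk, so whether the caller does roll back cannot be confirmed from here.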
@@ -848,7 +851,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_CHR_TYPE_UNIX:
if (!dev_source->data.nix.listen) {
- if (virSecurityDACSetOwnership(priv, dev_source->data.nix.path,
+ if (virSecurityDACSetOwnership(priv, NULL,
+ dev_source->data.nix.path,
user, group) < 0)
goto done;
}
@@ -1114,19 +1118,23 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
return -1;
if (def->os.loader && def->os.loader->nvram &&
- virSecurityDACSetOwnership(priv, def->os.loader->nvram, user, group) <
0)
+ virSecurityDACSetOwnership(priv, NULL,
+ def->os.loader->nvram, user, group) < 0)
return -1;
if (def->os.kernel &&
- virSecurityDACSetOwnership(priv, def->os.kernel, user, group) < 0)
+ virSecurityDACSetOwnership(priv, NULL,
+ def->os.kernel, user, group) < 0)
return -1;
if (def->os.initrd &&
- virSecurityDACSetOwnership(priv, def->os.initrd, user, group) < 0)
+ virSecurityDACSetOwnership(priv, NULL,
+ def->os.initrd, user, group) < 0)
return -1;
if (def->os.dtb &&
- virSecurityDACSetOwnership(priv, def->os.dtb, user, group) < 0)
+ virSecurityDACSetOwnership(priv, NULL,
+ def->os.dtb, user, group) < 0)
return -1;
return 0;
@@ -1148,7 +1156,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0)
return -1;
- return virSecurityDACSetOwnership(priv, savefile, user, group);
+ return virSecurityDACSetOwnership(priv, NULL, savefile, user, group);
}
@@ -1467,7 +1475,7 @@ virSecurityDACDomainSetDirLabel(virSecurityManagerPtr mgr,
if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
return -1;
- return virSecurityDACSetOwnership(priv, path, user, group);
+ return virSecurityDACSetOwnership(priv, NULL, path, user, group);
}
virSecurityDriver virSecurityDriverDAC = {
--
2.4.9