Re: [libvirt] [PATCH 5/8] Honour current user and role in SELinux label generation
On Fri, Aug 10, 2012 at 02:55:24PM -0600, Eric Blake wrote:
On 08/10/2012 07:48 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange(a)redhat.com>
>
> When generating an SELinux context for a VM from the template
> "system_u:system_r:svirt_t:s0", copy the role + user from the
> current process instead of the template context. So if the
> current process is
>
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> then the VM context ends up as
>
> unconfined_u:unconfined_r:svirt_t:s0:c386,c703
>
> instead of
>
> system_u:system_r:svirt_t:s0:c177,c424
>
> virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
> {
> - context_t context;
> + context_t context = NULL;
> char *ret = NULL;
> char *str;
> + security_context_t curseccontext = NULL;
When I first read this, I wondered why you felt the context of the C
language was worth cursing - is it really hard to manage security labels
in the C language? Adding some underscores would not hurt, since you
meant cur_sec_context and not curse_c_context :)
Changed it to ourSecContext :-)
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|