
On 12/20/18 12:39 AM, John Ferlan wrote:
On 12/12/18 7:40 AM, Michal Privoznik wrote:
Similarly to what I did in the DAC driver, this also requires the same SELinux label to be used for shared paths. If a path is already in use by a domain (or domains) and the domain we are starting now wants to access the path, it has to have the same SELinux label. This might look too restrictive, as the new label can still guarantee access to already running domains, but in reality it is very unlikely and usually an admin mistake.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_selinux.c | 177 +++++++++++++++++++++++---------
 1 file changed, 130 insertions(+), 47 deletions(-)
[...]
+ +static int +virSecuritySELinuxRecallLabel(const char *path, + security_context_t *con) +{ + if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, + path, con) < 0) + return -1; + + if (!con) + return 1;
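Review bot: the `if (!con)` check at the end of virSecuritySELinuxRecallLabel() tests the out-parameter pointer itself, and only after `con` has already been passed to virSecurityGetRememberedLabel(), so it says nothing about whether a label was actually stored through it. Test the stored value instead, `if (!*con) return 1;`, and consider a short comment above the function stating what the -1 and 1 return values mean for callers.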
This ordering of the !con check has caused a Coverity concern that we use @con in the first call... When compared to the *_dac.c code which passes &label, I assume this should be passing &con, right?
Ooops, this should have been if (!*con) return 1;. security_context_t is actually char *; therefore here con is of type char ** (just look at virSecurityGetRememberedLabel).

I wonder if this will fix the issue Marc reported (unfortunately I don't have much time to dig into it right now).

Michal
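A self-contained model of the two points in this thread, added here as an illustration and not libvirt code: the recall helper tests `*con` as in the correction above, and a path already in use is refused under a different SELinux label. `store`, `get_remembered`, `recall_label` and `claim_path` are hypothetical stand-ins, and the path and labels are constructed samples.

```c
#include <string.h>

/* Hypothetical in-memory stand-in for the remembered-label store. */
static struct entry { char path[128]; char label[128]; } store[8];

/* Stand-in getter: -1 on bad arguments, else 0; *con stays NULL if nothing is remembered. */
static int get_remembered(const char *path, char **con)
{
    if (!path || !*path || !con)
        return -1;
    *con = NULL;
    for (size_t i = 0; i < 8; i++)
        if (strcmp(store[i].path, path) == 0)
            *con = store[i].label;   /* borrowed pointer, nothing to free */
    return 0;
}

/* -1 on error, 1 when nothing is remembered, 0 with *con set. */
static int recall_label(const char *path, char **con)
{
    if (get_remembered(path, con) < 0)
        return -1;
    return *con ? 0 : 1;   /* test the label handed back, not the out-pointer */
}

/* 0 if label may be used on path; -1 on error or if path is in use under another label. */
static int claim_path(const char *path, const char *label)
{
    char *cur = NULL;
    int rc = recall_label(path, &cur);
    if (rc < 0 || !label || strlen(path) >= 128 || strlen(label) >= 128)
        return -1;
    if (rc == 0)                        /* path already in use */
        return strcmp(cur, label) == 0 ? 0 : -1;
    for (size_t i = 0; i < 8; i++) {    /* first user: remember its label */
        if (store[i].path[0])
            continue;
        strcpy(store[i].path, path);
        strcpy(store[i].label, label);
        return 0;
    }
    return -1;                          /* store full */
}

int main(void)
{
    const char *p = "/var/lib/images/shared.img";   /* constructed sample */
    return (claim_path(p, "system_u:object_r:svirt_image_t:s0:c1,c2") == 0 &&
            claim_path(p, "system_u:object_r:svirt_image_t:s0:c3,c4") == -1) ? 0 : 1;
}
```

With the original `if (!con)` test, `recall_label` would return 0 for a path nobody has claimed and leave `*con` NULL, so `claim_path` would pass a NULL label to `strcmp`.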