---
src/security/security_dac.c | 8 ++++++++
src/security/security_selinux.c | 8 ++++++++
src/security/virt-aa-helper.c | 4 ++++
3 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0b274b7..35b90da 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -760,6 +760,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
+ if (def->os.dtb &&
+ virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+ rc = -1;
+
return rc;
}
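Review bot: The added restore of `def->os.dtb` runs whenever a domain's labels are torn down, and a device tree blob is the kind of file several domains may reference; if virSecurityDACRestoreSecurityFileLabel resets ownership as its name suggests, stopping one guest would take the file away from others still running. The same applies to the added `virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb)` call in security_selinux.c. This mirrors the initrd handling just above, so it is probably accepted behaviour, but it deserves a comment such as `/* dtb may be shared between domains; this restore is not reference-counted */`. The function body starts outside the hunk, so any earlier guard is not visible here.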
@@ -822,6 +826,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
return -1;
+ if (def->os.dtb &&
+ virSecurityDACSetOwnership(def->os.dtb, user, group) < 0)
+ return -1;
+
return 0;
}
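Review bot: `virSecurityDACSetOwnership(def->os.dtb, user, group)` makes the guest's user the owner of the dtb, whereas the SELinux hunk in this commit labels the same file with `data->content_context` (apparently the shared content label) and the AppArmor helper grants it only `"r"`. A file's owner can change its mode, so under DAC alone the emulator process is not held to read-only access to a blob it only needs to read at boot. initrd is treated the same way in the context lines, so this is consistent. A short comment would still help, for example `/* chown only guarantees readability; read-only confinement of the dtb comes from the MAC driver */`. The function starts outside the hunk.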
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a042b26..0dbfd35 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1720,6 +1720,10 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr
mgr,
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
rc = -1;
+ if (def->os.dtb &&
+ virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+ rc = -1;
+
return rc;
}
@@ -2116,6 +2120,10 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) <
0)
return -1;
+ if (def->os.dtb &&
+ virSecuritySELinuxSetFilecon(def->os.dtb, data->content_context) < 0)
+ return -1;
+
if (stdin_path) {
if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0
&&
virStorageFileIsSharedFSType(stdin_path,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index c1a3ec9..f764f77 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -993,6 +993,10 @@ get_files(vahControl * ctl)
if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
goto clean;
+ if (ctl->def->os.dtb)
+ if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
+ goto clean;
+
if (ctl->def->os.loader && ctl->def->os.loader)
if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
goto clean;
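Review bot: The new dtb check uses two nested unbraced `if` statements, while the DAC and SELinux hunks in this same commit write the equivalent guard as a single condition. Folding it into `if (ctl->def->os.dtb && vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)` followed by `goto clean;` would match them and remove the dangling-`if` shape. The context line right after it, `ctl->def->os.loader && ctl->def->os.loader`, tests the same pointer twice, which shows how easily this pattern drifts when copied. The diffstat lists no test file, so a virt-aa-helper test case covering a domain with a dtb path would be worth adding alongside. get_files continues outside the hunk.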
--
1.6.4