[libvirt] [PATCH] selinux: Properly check TAP FD label

Thursday, 11 September 2014

After a4431931 the TAP FDs ale labeled with image label instead
of the process label. On the other hand, the commit was
incomplete as a few lines above, there's still old check for the
process label presence while it should be check for the image
label instead.

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt;
---

Pushed under trivial rule.

After this commit, the function is completely the same as
virSecuritySELinuxSetImageFDLabel(). However I'd like to keep
them separate because there's an ongoing bug:

    https://bugzilla.redhat.com/show_bug.cgi?id=1095636

so with fair chance the TapFDLabel() function will be rewritten
soon.

 src/security/security_selinux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 7064158..bf67fb5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2347,7 +2347,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
     virSecurityLabelDefPtr secdef;
 
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!secdef || !secdef->label)
+    if (!secdef || !secdef->imagelabel)
         return 0;
 
     return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
-- 
1.8.5.5


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH] selinux: Properly check TAP FD label