[libvirt] [PATCH] Fix security context references in DAC code
* The error messages coming from qemu's DAC support contain strings from the original SELinux security driver code. This just removes references to "security context" and other SELinux-isms from the DAC code. Signed-off-by: Spencer Shimko <sshimko@tresys.com> --- src/qemu/qemu_security_dac.c | 18 ++++++------------ 1 files changed, 6 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c index 1883fbe..e408dbf 100644 --- a/src/qemu/qemu_security_dac.c +++ b/src/qemu/qemu_security_dac.c @@ -37,7 +37,7 @@ void qemuSecurityDACSetDriver(struct qemud_driver *newdriver) static int qemuSecurityDACSetOwnership(const char *path, int uid, int gid) { - VIR_INFO("Setting DAC context on '%s' to '%d:%d'", path, uid, gid); + VIR_INFO("Setting DAC user and group on '%s' to '%d:%d'", path, uid, gid); if (chown(path, uid, gid) < 0) { struct stat sb; @@ -51,24 +51,18 @@ qemuSecurityDACSetOwnership(const char *path, int uid, int gid) } } - /* if the error complaint is related to an image hosted on - * an nfs mount, or a usbfs/sysfs filesystem not supporting - * labelling, then just ignore it & hope for the best. - * The user hopefully set one of the necessary qemuSecurityDAC - * virt_use_{nfs,usb,pci} boolean tunables to allow it... - */ if (chown_errno == EOPNOTSUPP) { - VIR_INFO("Setting security context '%d:%d' on '%s' not supported by filesystem", + VIR_INFO("Setting user and group to '%d:%d' on '%s' not supported by filesystem", uid, gid, path); } else if (chown_errno == EPERM) { - VIR_INFO("Setting security context '%d:%d' on '%s' not permitted", + VIR_INFO("Setting user and group to '%d:%d' on '%s' not permitted", uid, gid, path); } else if (chown_errno == EROFS) { - VIR_INFO("Setting security context '%d:%d' on '%s' not possible on readonly filesystem", + VIR_INFO("Setting user and group to '%d:%d' on '%s' not possible on readonly filesystem", uid, gid, path); } else { virReportSystemError(chown_errno, - _("unable to set security context '%d:%d' on '%s'"), + _("unable to set user and group to '%d:%d' on '%s'"), uid, gid, path); return -1; } @@ -84,7 +78,7 @@ qemuSecurityDACRestoreSecurityFileLabel(const char *path) int err; char *newpath = NULL; - VIR_INFO("Restoring DAC context on '%s'", path); + VIR_INFO("Restoring DAC user and group on '%s'", path); if ((err = virFileResolveLink(path, &newpath)) < 0) { virReportSystemError(err, -- 1.6.6.1
On 04/21/2010 11:44 AM, spencer@beyondabstraction.net wrote:
* The error messages coming from qemu's DAC support contain strings from the original SELinux security driver code. This just removes references to "security context" and other SELinux-isms from the DAC code.
That's a long line; feel free to wrap your commit messages anywhere between 70 and 80 columns.
@@ -37,7 +37,7 @@ void qemuSecurityDACSetDriver(struct qemud_driver *newdriver) static int qemuSecurityDACSetOwnership(const char *path, int uid, int gid) { - VIR_INFO("Setting DAC context on '%s' to '%d:%d'", path, uid, gid); + VIR_INFO("Setting DAC user and group on '%s' to '%d:%d'", path, uid, gid);
Yep, obvious cut-and-paste going on there, before the patch. ACK, and pushed. Thanks again for the patch. I'm also pushing a followup patch to update AUTHORS with seven recent patch contributors (to avoid posting raw email addresses for spammers to harvest, I won't post that patch to the list unless specifically requested). I think that qualifies as obvious, using the formula: git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ " and adding all authors that aren't already listed. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
On 04/22/2010 02:15 PM, Eric Blake wrote:
I'm also pushing a followup patch to update AUTHORS with seven recent patch contributors (to avoid posting raw email addresses for spammers to harvest, I won't post that patch to the list unless specifically requested). I think that qualifies as obvious, using the formula:
git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "
and adding all authors that aren't already listed.
One of those patches was attributed to redshift; off-list, he contacted me and asked to be listed by his real name Marco Bozzolan instead, so I've made that change as well. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (2)
-
Eric Blake -
spencer@beyondabstraction.net