File CVE-2010-223x-0006.patch of Package libvirt
>From e2ebe4b785eccb930f36f400a22940fa9660a24b Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 16:40:47 +0100
Subject: [PATCH 06/10] Convert all disk backing store loops to shared helper API
Update the QEMU cgroups code, QEMU DAC security driver, SELinux and AppArmour security drivers over to use the shared helper API virDomainDiskDefForeachPath().
* src/security/security_selinux.c, src/security/virt-aa-helper.c: Convert over to use virDomainDiskDefForeachPath()
---
 src/security/security_selinux.c | 67 +++++++----------
 src/security/virt-aa-helper.c | 71 ++++++++----------
 4 files changed, 142 insertions(+), 204 deletions(-)
Index: libvirt-0.7.2/src/security/security_selinux.c
===================================================================
--- libvirt-0.7.2.orig/src/security/security_selinux.c
+++ libvirt-0.7.2/src/security/security_selinux.c
@@ -399,55 +399,42 @@ SELinuxRestoreSecurityImageLabel(virConn
 }
 static int
+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
+ const char *path,
+ unsigned int depth,
+ void *opaque)
+{
+ const virSecurityLabelDefPtr secdef = opaque;
+
+ if (depth == 0) {
+ if (disk->shared) {
+ return SELinuxSetFilecon(NULL, path, default_image_context);
+ } else if (disk->readonly) {
+ return SELinuxSetFilecon(NULL, path, default_content_context);
+ } else if (secdef->imagelabel) {
+ return SELinuxSetFilecon(NULL, path, secdef->imagelabel);
+ } else {
+ return 0;
+ }
+ } else {
+ return SELinuxSetFilecon(NULL, path, default_content_context);
+ }
+}
+
+static int
 SELinuxSetSecurityImageLabel(virConnectPtr conn, virDomainObjPtr vm, virDomainDiskDefPtr disk)
 {
 const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- const char *path;
-
- if (!disk->src)
- return 0;
-
- path = disk->src;
- do {
- virStorageFileMetadata meta;
- int ret;
-
- memset(&meta, 0, sizeof(meta));
-
- ret = virStorageFileGetMetadata(conn,
- path,
- VIR_STORAGE_FILE_AUTO,
- &meta);
-
- if (path != disk->src)
- VIR_FREE(path);
- path = NULL;
-
- if (ret < 0)
- return -1;
-
- if (meta.backingStore != NULL &&
- SELinuxSetFilecon(conn, meta.backingStore,
- default_content_context) < 0) {
- VIR_FREE(meta.backingStore);
- return -1;
- }
-
- path = meta.backingStore;
- } while (path != NULL);
-
- if (disk->shared) {
- return SELinuxSetFilecon(conn, disk->src, default_image_context);
- } else if (disk->readonly) {
- return SELinuxSetFilecon(conn, disk->src, default_content_context);
- } else if (secdef->imagelabel) {
- return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
- }
- return 0;
+ return virDomainDiskDefForeachPath(conn,
+ disk,
+ true,
+ false,
+ SELinuxSetSecurityFileLabel,
+ secdef);
 }
Index: libvirt-0.7.2/src/security/virt-aa-helper.c
===================================================================
--- libvirt-0.7.2.orig/src/security/virt-aa-helper.c
+++
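Review bot: The call `virDomainDiskDefForeachPath(conn, disk, true, false, SELinuxSetSecurityFileLabel, secdef)` passes two bare booleans whose meaning cannot be read at the call site, and the helper's declaration is not part of this patch; the same call shape appears in `get_files` in virt-aa-helper.c. If the first flag allows the image format to be probed (to be confirmed against the helper added earlier in the series), then every depth > 0 path given to `SELinuxSetSecurityFileLabel` comes from image header data the guest can write, and the callback relabels it with `default_content_context` with no further check. I would name the flags where they are passed, e.g. `true, /* allowProbing */` and `false, /* ignoreOpenFailure */` with the helper's actual parameter names, and put a comment above the callback saying that depth 0 is `disk->src` and deeper paths are backing files read from image metadata. The removed early return `if (!disk->src) return 0;` now has to be provided by the helper, which is also worth confirming.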
libvirt-0.7.2/src/security/virt-aa-helper.c
@@ -661,6 +661,28 @@ file_iterate_cb(virConnectPtr conn ATTRI
 }
 static int
+add_file_path(virDomainDiskDefPtr disk,
+ const char *path,
+ unsigned int depth,
+ void *opaque)
+{
+ virBufferPtr buf = opaque;
+ int ret;
+
+ if (depth == 0) {
+ if (disk->readonly)
+ ret = vah_add_file(buf, path, "r");
+ else
+ ret = vah_add_file(buf, path, "rw");
+ } else {
+ ret = vah_add_file(buf, path, "r");
+ }
+
+ return ret;
+}
+
+
+static int
 get_files(vahControl * ctl)
 {
 virBuffer buf = VIR_BUFFER_INITIALIZER;
@@ -681,18 +703,16 @@ get_files(vahControl * ctl)
 goto clean;
 }
- for (i = 0; i < ctl->def->ndisks; i++)
- if (ctl->def->disks[i] && ctl->def->disks[i]->src) {
- int ret;
-
- if (ctl->def->disks[i]->readonly)
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r");
- else
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw");
-
- if (ret != 0)
- goto clean;
- }
+ for (i = 0; i < ctl->def->ndisks; i++) {
+ int ret = virDomainDiskDefForeachPath(NULL,
+ ctl->def->disks[i],
+ true,
+ false,
+ add_file_path,
+ &buf);
+ if (ret != 0)
+ goto clean;
+ }
 for (i = 0; i < ctl->def->nserials; i++)
 if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
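Review bot: `add_file_path` carries no comment describing its access policy, which is the security-relevant part of this hunk: the image itself (depth 0) is granted `"rw"` unless `disk->readonly` is set, and every deeper path is granted `"r"` only. I would add a header comment above it, e.g. `/* Callback for virDomainDiskDefForeachPath(): depth 0 is the disk image, deeper paths are backing files and only ever get read access. */`. As a point of style, the three `vah_add_file` calls could collapse to `return vah_add_file(buf, path, (depth == 0 && !disk->readonly) ? "rw" : "r");`.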
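Review bot: The rewritten loop in `get_files` no longer tests the array element before using it; the removed lines guarded with `if (ctl->def->disks[i] && ctl->def->disks[i]->src)`, while the new code hands `ctl->def->disks[i]` to `virDomainDiskDefForeachPath` unconditionally. Whether the helper tolerates a NULL disk is not visible in this patch, and `add_file_path` itself reads `disk->readonly` without a check. Unless the helper is known to handle that case, I would keep the test as the first statement of the loop body, `if (!ctl->def->disks[i]) continue;`. `get_files` starts before this hunk and continues after it.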