    Fix parsing of SELinux ranges without a category · 1732c1c6
    Committed by Daniel P. Berrange
    Normally libvirtd should run with a SELinux label
    
      system_u:system_r:virtd_t:s0-s0:c0.c1023
    
    If a user manually runs libvirtd though, it is sometimes
    possible to get into a situation where it is running
    
      system_u:system_r:init_t:s0
    
    The SELinux security driver isn't expecting this and can't
    parse the security label since it lacks the ':c0.c1023' part
    causing it to complain
    
      internal error Cannot parse sensitivity level in s0
    
    This updates the parser to cope with this, so if no category
    is present, libvirtd will hardcode the equivalent of c0.c1023.
    
    Now this won't work if SELinux is in Enforcing mode, but that's
    not an issue, because the user can only get into this problem
    if in Permissive mode. This means they can now start VMs in
    Permissive mode without hitting that parsing error
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
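The fallback described in the commit message above, as an added example that is not libvirt's code: a parser for the range field of a context that assumes c0.c1023 when no category part is present. The names `mcs_range`, `parse_cat` and `parse_selinux_range` are hypothetical, and only a single category or one `cA.cB` range is handled (no comma-separated lists).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mcs_range { char sens[16]; int cat_min, cat_max; }; /* hypothetical, not libvirt's */

/* Parse "cN" with N in 0..1023; returns -1 on malformed input. */
static int parse_cat(const char *s, char **end)
{
    long v;
    if (s[0] != 'c' || s[1] < '0' || s[1] > '9')
        return -1;
    v = strtol(s + 1, end, 10);
    return v > 1023 ? -1 : (int)v;
}

/* Parse the range field of "user:role:type:range". Returns 0 on success. */
int parse_selinux_range(const char *ctx, struct mcs_range *out)
{
    const char *p = ctx, *cat;
    char *end;
    for (int i = 0; i < 3; i++) {        /* skip user, role and type */
        if (!(p = strchr(p, ':')))
            return -1;
        p++;
    }
    size_t n = strcspn(p, "-:");         /* lower sensitivity, e.g. "s0" */
    if (p[0] != 's' || n < 2 || n >= sizeof(out->sens))
        return -1;
    memcpy(out->sens, p, n);
    out->sens[n] = '\0';
    out->cat_min = 0;                    /* default when no category is given */
    out->cat_max = 1023;
    if (!(cat = strchr(p, ':')))
        return 0;
    if ((out->cat_min = out->cat_max = parse_cat(cat + 1, &end)) < 0)
        return -1;
    if (*end == '.' && (out->cat_max = parse_cat(end + 1, &end)) < 0)
        return -1;
    return (*end == '\0' && out->cat_max >= out->cat_min) ? 0 : -1;
}

int main(void)
{
    struct mcs_range r;
    if (parse_selinux_range("system_u:system_r:init_t:s0", &r) == 0)
        printf("%s c%d.c%d\n", r.sens, r.cat_min, r.cat_max);
    return 0;
}
```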
securityselinuxtest.c 10.4 KB