security_dac: Label non-listening sockets

SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. Signed-off-by: N Martin Kletzander <mkletzan@redhat.com>

security_dac: Label non-listening sockets
SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. Signed-off-by: N Martin Kletzander <mkletzan@redhat.com>
7b6953bc · Martin Kletzander · 4ac6ce38 · 7b6953bc
显示空白变更内容
内联并排

Showing with 9 addition and 1 deletion

src/security/security_dac.c src/security/security_dac.c +9 -1

未找到文件。
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -789,6 +789,15 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
        ret = 0;
        break;

+    case VIR_DOMAIN_CHR_TYPE_UNIX:
+        if (!dev_source->data.nix.listen) {
+            if (virSecurityDACSetOwnership(dev_source->data.nix.path,
+                                           user, group) < 0)
+                goto done;
+        }
+        ret = 0;
+        break;
+
    case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
    case VIR_DOMAIN_CHR_TYPE_NULL:
    case VIR_DOMAIN_CHR_TYPE_VC:
@@ -796,7 +805,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
    case VIR_DOMAIN_CHR_TYPE_STDIO:
    case VIR_DOMAIN_CHR_TYPE_UDP:
    case VIR_DOMAIN_CHR_TYPE_TCP:
-    case VIR_DOMAIN_CHR_TYPE_UNIX:
    case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
    case VIR_DOMAIN_CHR_TYPE_NMDM:
    case VIR_DOMAIN_CHR_TYPE_LAST: