提交 ae00e73c 编写于 作者: E Erik Skultety

security: dac: gfx: egl-headless: Relabel the DRI device

Just like for SPICE, we need to change the permissions on the DRI device
used as the @rendernode for egl-headless graphics type.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
上级 dc87ee0f
...@@ -1492,11 +1492,16 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr, ...@@ -1492,11 +1492,16 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
virDomainGraphicsDefPtr gfx) virDomainGraphicsDefPtr gfx)
{ {
const char *rendernode = virDomainGraphicsGetRenderNode(gfx);
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr seclabel; virSecurityLabelDefPtr seclabel;
uid_t user; uid_t user;
gid_t group; gid_t group;
/* There's nothing to relabel */
if (!rendernode)
return 0;
/* Skip chowning the shared render file if namespaces are disabled */ /* Skip chowning the shared render file if namespaces are disabled */
if (!priv->mountNamespace) if (!priv->mountNamespace)
return 0; return 0;
...@@ -1508,14 +1513,8 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr, ...@@ -1508,14 +1513,8 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0) if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
return -1; return -1;
if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE && if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group) < 0)
gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES && return -1;
gfx->data.spice.rendernode) {
if (virSecurityDACSetOwnership(mgr, NULL,
gfx->data.spice.rendernode,
user, group) < 0)
return -1;
}
return 0; return 0;
} }
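Review bot: The new unconditional `virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group)` call at the end of virSecurityDACSetGraphicsLabel drops the old `gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES` guard. Whether a SPICE rendernode with GL disabled is still skipped now depends entirely on what virDomainGraphicsGetRenderNode() returns, and that helper is not visible on this page. If it returns the SPICE node regardless of the gl setting, the DRI device would be chowned to the domain's user and group in a case the previous code left alone, so this is worth confirming against the helper. Either way, the contract should be stated where `rendernode` is fetched, for example `/* non-NULL only for graphics types that actually open a DRI render node */`, so a graphics type added later does not silently widen access to the device. The function starts in the hunk header and the seclabel lookup between the two hunks is not shown.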