Fix security driver handling of FIFOs with QEMU

When setting up a FIFO for QEMU, it allows either a pair of fifos used unidirectionally, or a single fifo used bidirectionally. Look for the bidirectional fifo first when labelling since that is more useful * src/security/security_dac.c, src/security/security_selinux.c: Fix fifo handling

Fix security driver handling of FIFOs with QEMU
When setting up a FIFO for QEMU, it allows either a pair of fifos used unidirectionally, or a single fifo used bidirectionally. Look for the bidirectional fifo first when labelling since that is more useful * src/security/security_dac.c, src/security/security_selinux.c: Fix fifo handling
d37c6a3a · Daniel P. Berrange · f79cddad · d37c6a3a · d37c6a3a
隐藏空白更改
内联并排

Showing with 24 addition and 14 deletion

src/security/security_dac.c src/security/security_dac.c +12 -7

src/security/security_selinux.c src/security/security_selinux.c +12 -7

未找到文件。
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE:
-        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
-            virReportOOMError();
-            goto done;
+        if (virFileExists(dev->data.file.path)) {
+            if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0)
+                goto done;
+        } else {
+            if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+                (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
+                virReportOOMError();
+                goto done;
+            }
+            if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
+                (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
+                goto done;
        }
-        if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
-            (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
-            goto done;
        ret = 0;
        break;


--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -733,14 +733,19 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE:
-        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
-            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
-            virReportOOMError();
-            goto done;
+        if (virFileExists(dev->data.file.path)) {
+            if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
+                goto done;
+        } else {
+            if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+                (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
+                virReportOOMError();
+                goto done;
+            }
+            if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
+                (SELinuxSetFilecon(out, secdef->imagelabel) < 0))
+                goto done;
        }
-        if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
-            (SELinuxSetFilecon(out, secdef->imagelabel) < 0))
-            goto done;
        ret = 0;
        break;