tools: Slightly rework libvirt_recover_xattrs.sh

Firstly, there's no reason to enumerate all XATTRs since they differ only in the prefix and we can construct them in a loop. Secondly, and more importantly, the script was still looking for just one prefix "trusted.libvirt.security" even on FreeBSD. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Cole Robinson <crobinso@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>

tools: Slightly rework libvirt_recover_xattrs.sh
Firstly, there's no reason to enumerate all XATTRs since they differ only in the prefix and we can construct them in a loop. Secondly, and more importantly, the script was still looking for just one prefix "trusted.libvirt.security" even on FreeBSD. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Cole Robinson <crobinso@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>
f45c97ea · Michal Privoznik · 90540a37 · f45c97ea
隐藏空白更改
内联并排

Showing with 27 addition and 27 deletion

tools/libvirt_recover_xattrs.sh tools/libvirt_recover_xattrs.sh +27 -27

未找到文件。
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@@ -23,14 +23,16 @@ EOF
 QUIET=0
 DRY_RUN=0
-P="/"
+DIR="/"
 # So far only qemu and lxc drivers use security driver.
 URI=("qemu:///system"
-     "qemu:///session"
     "lxc:///system")
-LIBVIRT_XATTR_PREFIX="trusted.libvirt.security"
+# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
+# as there is no 'trusted'.
+LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
+                        "system.libvirt.security")
 if [ `whoami` != "root" ]; then
    die "Must be run as root"
@@ -57,7 +59,7 @@ done
 shift $((OPTIND - 1))
 if [ $# -gt 0 ]; then
-    P=$1
+    DIR=$1
 fi
 if [ ${DRY_RUN} -eq 0 ]; then
@@ -69,28 +71,26 @@ if [ ${DRY_RUN} -eq 0 ]; then
 fi
-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
+declare -a XATTRS
-# as there is no 'trusted'.
+for i in "dac" "selinux"; do
-XATTRS=("trusted.libvirt.security.dac"
+    for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
-        "trusted.libvirt.security.ref_dac"
+        XATTRS+=("$p.$i" "$p.ref_$i")
-        "trusted.libvirt.security.selinux"
+    done
-        "trusted.libvirt.security.ref_selinux",
+done
-        "system.libvirt.security.dac"
-        "system.libvirt.security.ref_dac"
+for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
-        "system.libvirt.security.selinux"
+    for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
-        "system.libvirt.security.ref_selinux")
+        echo $i;
+        if [ ${DRY_RUN} -ne 0 ]; then
-for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+            getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
-    if [ ${DRY_RUN} -ne 0 ]; then
+            continue
-        echo $i
+        fi
-        getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i
-        continue
+        if [ ${QUIET} -eq 0 ]; then
-    fi
+            echo "Fixing $i";
+        fi
-    if [ ${QUIET} -eq 0 ]; then
+        for x in ${XATTRS[*]}; do
-        echo "Fixing $i";
+            setfattr -x $x $i
-    fi
+        done
-    for x in ${XATTRS[*]}; do
-        setfattr -x $x $i
    done
 done