rpms/libvirt/devel libvirt-0.6.1-svirt-shared-readonly.patch, NONE, 1.1 libvirt.spec, 1.119, 1.120
Daniel P. Berrange
berrange at fedoraproject.org
Tue Mar 17 15:32:01 UTC 2009
Author: berrange
Update of /cvs/pkgs/rpms/libvirt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25335
Modified Files:
libvirt.spec
Added Files:
libvirt-0.6.1-svirt-shared-readonly.patch
Log Message:
Don't relabel shared/readonly disks for sVirt
libvirt-0.6.1-svirt-shared-readonly.patch:
--- NEW FILE libvirt-0.6.1-svirt-shared-readonly.patch ---
diff -rup libvirt-0.6.1.orig/src/qemu_driver.c libvirt-0.6.1.new/src/qemu_driver.c
--- libvirt-0.6.1.orig/src/qemu_driver.c 2009-03-17 11:57:04.000000000 +0000
+++ libvirt-0.6.1.new/src/qemu_driver.c 2009-03-17 11:57:12.000000000 +0000
@@ -3765,7 +3765,7 @@ static int qemudDomainAttachDevice(virDo
goto cleanup;
}
if (driver->securityDriver)
- driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev);
+ driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
break;
default:
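Review bot: The return value of `domainSetSecurityImageLabel` on the new line is still discarded, so a disk that was hot-plugged successfully but could not be labelled is reported to the caller as success, and with SELinux enforcing the guest will then be unable to open the image. The same applies to the `domainRestoreSecurityImageLabel` call in the qemudDomainDetachDevice hunk below. At minimum the failure should be recorded, e.g. `if (driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk) < 0) /* fold into ret or log */`, rather than dropped on the floor. qemudDomainAttachDevice's body begins and ends outside the hunk, so how `ret` is computed there is not visible here.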
@@ -3901,7 +3901,7 @@ static int qemudDomainDetachDevice(virDo
dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) {
ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev);
if (driver->securityDriver)
- driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev);
+ driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk);
}
else
qemudReportError(dom->conn, dom, NULL, VIR_ERR_NO_SUPPORT,
diff -rup libvirt-0.6.1.orig/src/security.h libvirt-0.6.1.new/src/security.h
--- libvirt-0.6.1.orig/src/security.h 2009-03-03 16:40:46.000000000 +0000
+++ libvirt-0.6.1.new/src/security.h 2009-03-17 11:57:12.000000000 +0000
@@ -32,11 +32,10 @@ typedef virSecurityDriverStatus (*virSec
typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
virSecurityDriverPtr drv);
typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
- virDomainDeviceDefPtr dev);
+ virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
virDomainObjPtr vm,
- virDomainDeviceDefPtr dev);
+ virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
virDomainObjPtr sec);
typedef int (*virSecurityDomainGetLabel) (virConnectPtr conn,
diff -rup libvirt-0.6.1.orig/src/security_selinux.c libvirt-0.6.1.new/src/security_selinux.c
--- libvirt-0.6.1.orig/src/security_selinux.c 2009-03-03 16:40:46.000000000 +0000
+++ libvirt-0.6.1.new/src/security_selinux.c 2009-03-17 11:57:12.000000000 +0000
@@ -269,7 +269,7 @@ SELinuxGetSecurityLabel(virConnectPtr co
}
static int
-SELinuxSetFilecon(virConnectPtr conn, char *path, char *tcon)
+SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
@@ -288,28 +288,51 @@ SELinuxSetFilecon(virConnectPtr conn, ch
static int
SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
- virDomainDeviceDefPtr dev)
+ virDomainDiskDefPtr disk)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ struct stat buf;
+ security_context_t fcon = NULL;
+ int rc = -1;
+ char *newpath = NULL;
+ const char *path = disk->src;
- if (secdef->imagelabel) {
- return SELinuxSetFilecon(conn, dev->data.disk->src, default_image_context);
+ if (disk->readonly || disk->shared)
+ return 0;
+
+ if (lstat(path, &buf) != 0)
+ return -1;
+
+ if (S_ISLNK(buf.st_mode)) {
+ if (VIR_ALLOC_N(newpath, buf.st_size + 1) < 0)
+ return -1;
+
+ if (readlink(path, newpath, buf.st_size) < 0)
+ goto err;
+ path = newpath;
+ if (stat(path, &buf) != 0)
+ goto err;
}
- return 0;
+
+ if (matchpathcon(path, buf.st_mode, &fcon) == 0) {
+ rc = SELinuxSetFilecon(conn, path, fcon);
+ }
+err:
+ VIR_FREE(fcon);
+ VIR_FREE(newpath);
+ return rc;
}
static int
SELinuxSetSecurityImageLabel(virConnectPtr conn,
virDomainObjPtr vm,
- virDomainDeviceDefPtr dev)
+ virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- if (secdef->imagelabel) {
- return SELinuxSetFilecon(conn, dev->data.disk->src, secdef->imagelabel);
- }
+ if (secdef->imagelabel)
+ return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
+
return 0;
}
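Review bot: `readlink(path, newpath, buf.st_size)` does not NUL-terminate and its return value is only tested for failure, so termination relies on VIR_ALLOC_N zero-filling the buffer (presumably it does) and on the link target not having grown between the lstat() and the readlink(); capture the length and terminate explicitly: `ssize_t len = readlink(path, newpath, buf.st_size); if (len < 0) goto err; newpath[len] = '\0';`. A symlink whose target is relative is then handed as-is to stat(), matchpathcon() and SELinuxSetFilecon(), which resolve it against libvirtd's working directory rather than the link's own directory, so a different file than the disk image may be relabelled — resolving the target against the directory of `disk->src` (or calling realpath() on the original path) avoids that. The lstat(), readlink(), stat() and matchpathcon() failure paths all return -1 without any error report, unlike the SELinuxSetFilecon() call they replace (which appears to report via `ebuf`), so the -1 that SELinuxRestoreSecurityLabel now propagates carries no diagnostic. If `disk->src` can be NULL for a drive with no media, lstat() is reached with a NULL path; a `if (!path) return 0;` guard before it looks warranted, though whether callers already filter that case is not visible here.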
@@ -322,7 +345,7 @@ SELinuxRestoreSecurityLabel(virConnectPt
int rc = 0;
if (secdef->imagelabel) {
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (SELinuxSetFilecon(conn, vm->def->disks[i]->src, default_image_context) < 0)
+ if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0)
rc = -1;
}
VIR_FREE(secdef->model);
@@ -368,16 +391,11 @@ SELinuxSetSecurityLabel(virConnectPtr co
if (secdef->imagelabel) {
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if(setfilecon(vm->def->disks[i]->src, secdef->imagelabel) < 0) {
- virSecurityReportError(conn, VIR_ERR_ERROR,
- _("%s: unable to set security context "
- "'\%s\' on %s: %s."), __func__,
- secdef->imagelabel,
- vm->def->disks[i]->src,
- virStrerror(errno, ebuf, sizeof ebuf));
- if (security_getenforce() == 1)
- return -1;
- }
+ if (vm->def->disks[i]->readonly ||
+ vm->def->disks[i]->shared) continue;
+
+ if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+ return -1;
}
}
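Review bot: The readonly/shared skip added here sits in the caller, while the matching check in SELinuxRestoreSecurityImageLabel sits inside the callee, so the two entry points disagree: the hot-plug path (qemudDomainAttachDevice → domainSetSecurityImageLabel → SELinuxSetSecurityImageLabel) still relabels a shared or read-only disk with this guest's private imagelabel, and the detach path then declines to restore it, leaving a shared image carrying one guest's label and potentially locking other guests out of it. Moving `if (disk->readonly || disk->shared) return 0;` into SELinuxSetSecurityImageLabel makes both paths agree and lets this loop drop the duplicated test. With the virStrerror() call removed, `ebuf` may now be unused in this function (its declaration is outside the hunk) and would trip -Wunused-variable. SELinuxSetSecurityLabel continues past the end of the hunk.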
Index: libvirt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/devel/libvirt.spec,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -r1.119 -r1.120
--- libvirt.spec 17 Mar 2009 10:29:43 -0000 1.119
+++ libvirt.spec 17 Mar 2009 15:31:31 -0000 1.120
@@ -47,7 +47,7 @@
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.6.1
-Release: 4%{?dist}%{?extra_release}
+Release: 5%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
@@ -61,6 +61,7 @@
Patch8: libvirt-0.6.1-vcpu-deadlock.patch
Patch9: libvirt-0.6.1-xenblock-detach.patch
Patch10: libvirt-0.6.1-fd-leaks2.patch
+Patch11: libvirt-0.6.1-svirt-shared-readonly.patch
# Not upstream yet - pending QEMU merge
Patch100: libvirt-0.6.1-vnc-sasl-auth.patch
@@ -205,6 +206,7 @@
%patch8 -p1
%patch9 -p1
%patch10 -p0
+%patch11 -p1
%patch100 -p1
@@ -499,6 +501,9 @@
%endif
%changelog
+* Tue Mar 17 2009 Daniel P. Berrange <berrange at redhat.com> - 0.6.1-5.fc11
+- Don't relabel shared/readonly disks
+
* Tue Mar 17 2009 Daniel P. Berrange <berrange at redhat.com> - 0.6.1-4.fc11
- Fix memory allocation for xend lookup
- Avoid crash if storage volume deletion fails