[PATCH] Follow up fix of commit a58e1cb4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



commit a58e1cb4 didn't fix the bug if the security_default_confined is
not set to 1. We now clean up even if there is no seclabel defined or
the default one.
---
 src/lxc/lxc_process.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index b385423..19ea7f3 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -1022,6 +1022,7 @@ int virLXCProcessStart(virConnectPtr conn,
     virCgroupPtr selfcgroup;
     int status;
     char *pidfile = NULL;
+    bool clearSeclabel = false;
 
     if (virCgroupNewSelf(&selfcgroup) < 0)
         return -1;
@@ -1126,6 +1127,10 @@ int virLXCProcessStart(virConnectPtr conn,
     /* If you are using a SecurityDriver with dynamic labelling,
        then generate a security label for isolation */
     VIR_DEBUG("Generating domain security label (if required)");
+
+    clearSeclabel = vm->def->nseclabels == 0 ||
+                    vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT;
+
     if (vm->def->nseclabels &&
         vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
         vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
@@ -1387,7 +1392,8 @@ int virLXCProcessStart(virConnectPtr conn,
         virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
         /* Clear out dynamically assigned labels */
         if (vm->def->nseclabels &&
-            vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+            (vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC ||
+            clearSeclabel)) {
             VIR_FREE(vm->def->seclabels[0]->model);
             VIR_FREE(vm->def->seclabels[0]->label);
             VIR_FREE(vm->def->seclabels[0]->imagelabel);
-- 
2.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]