So far the whole transaction handling is done virSecuritySELinuxSetFileconHelper(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabelling it.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/security/security_selinux.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 72d12c9df1..f6416010f9 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1146,20 +1146,14 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 * return 1 if labelling was not possible. Otherwise, require a label
 * change, and return 0 for success, -1 for failure.
 */
 static int
-virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon,
- bool optional, bool privileged)
+virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon,
+ bool optional, bool privileged)
 {
 security_context_t econ;
- int rc;
 /* Be aware that this function might run in a separate process.
 * Therefore, any driver state changes would be thrown away. */
- if ((rc = virSecuritySELinuxTransactionAppend(path, tcon, optional)) < 0)
- return -1;
- else if (rc > 0)
- return 0;
 VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
 if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) {
@@ -1213,6 +1207,22 @@ virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon,
 return 0;
 }
+
+static int
+virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon,
+ bool optional, bool privileged)
+{
+ int rc;
+
+ if ((rc = virSecuritySELinuxTransactionAppend(path, tcon, optional)) < 0)
+ return -1;
+ else if (rc > 0)
+ return 0;
+
+ return virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged);
+}
+
+
 static int
 virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr,
 const char *path,
 const char *tcon)
@@ -1289,10 +1299,12 @@ static int
 virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
 const char *path)
 {
+ bool privileged = virSecurityManagerGetPrivileged(mgr);
 struct stat buf;
 security_context_t fcon = NULL;
 char *newpath = NULL;
 char ebuf[1024];
+ int rc;
 int ret = -1;
 /* Some paths are auto-generated, so let's be safe here and do
@@ -1324,7 +1336,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
 goto cleanup;
 }
- if (virSecuritySELinuxSetFilecon(mgr, newpath, fcon) < 0)
+ if ((rc = virSecuritySELinuxTransactionAppend(path, fcon, false)) < 0)
+ return -1;
+ else if (rc > 0)
+ return 0;
+
+ if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged) < 0)
 goto cleanup;
 ret = 0;
--
2.16.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
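Review bot: The new virSecuritySELinuxSetFileconHelper wrapper carries no comment, and the contract comment that used to sit above this name ("return 1 if labelling was not possible … 0 for success, -1 for failure") now describes only virSecuritySELinuxSetFileconImpl, so a reader hits `else if (rc > 0) return 0;` with nothing explaining why a positive result from virSecuritySELinuxTransactionAppend is reported as success without any relabelling having happened. From the control flow it looks like rc > 0 means the relabel was queued on an active transaction to be replayed later, but that is inferred, since the append function is not in the hunk. I would add a short header comment above the helper along the lines of `/* If a transaction is active, only record (path, tcon) on it (rc > 0) and report success; otherwise relabel immediately via virSecuritySELinuxSetFileconImpl. Returns the Impl's result (0 ok, 1 if labelling was not possible, -1 on error), or -1 if the transaction append fails. */`, adjusting the rc > 0 wording once the append semantics are confirmed.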
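Review bot: The two new early returns in virSecuritySELinuxRestoreFileLabel bypass the function's cleanup path: `fcon` and `newpath` are NULL-initialised locals and the neighbouring lines in this hunk still use `goto cleanup`, so returning -1 or 0 directly here skips whatever `cleanup` releases (the label itself is outside the hunk, but the pattern strongly suggests it frees both), leaking them on the append-error path and on every queued (rc > 0) path. Keep the function's own convention instead: `goto cleanup;` on error, and `ret = 0; goto cleanup;` for rc > 0, so `ret` stays the single return value. Separately, the removed call relabelled `newpath` (the resolved path) through the old helper, whereas the transaction entry now records `path` while the immediate branch still uses `newpath`; if the transaction is expected to replay on the same path the immediate branch uses, pass `newpath` to virSecuritySELinuxTransactionAppend, otherwise a one-line comment should say why the two branches deliberately differ. The function's body begins and ends outside this hunk.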