On Thu, Nov 29, 2018 at 02:52:32PM +0100, Michal Privoznik wrote:
> Our code is not bug free. The refcounting I introduced will
> almost certainly not work in some use cases. Provide a script
> that will remove all the XATTRs set by libvirt so that it can
> start cleanly.
On this point, it would be a nice idea to be able to write some
unit tests to exercise the security drivers, as this is something
we're significantly lacking coverage of.
With mocking of the chown/setxattr/etc methods we can easily
detect some ofthe bugs you fixed here, such as forgetting to
restore labels of certain resource types.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> tools/Makefile.am | 1 +
> tools/libvirt_recover_xattrs.sh | 89 +++++++++++++++++++++++++++++++++
> 2 files changed, 90 insertions(+)
> create mode 100755 tools/libvirt_recover_xattrs.sh
>
> diff --git a/tools/Makefile.am b/tools/Makefile.am
> index f069167acc..1dc009c4fb 100644
> --- a/tools/Makefile.am
> +++ b/tools/Makefile.am
> @@ -75,6 +75,7 @@ EXTRA_DIST = \
> virt-login-shell.conf \
> virsh-edit.c \
> bash-completion/vsh \
> + libvirt_recover_xattrs.sh \
> $(PODFILES) \
> $(MANINFILES) \
> $(NULL)
> +XATTRS=("trusted.libvirt.security.dac"
> + "trusted.libvirt.security.ref_dac"
> + "trusted.libvirt.security.selinux"
> + "trusted.libvirt.security.ref_selinux")
Needs updating to account for FreeBSD naming now
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
