If virSecuritySELinuxRestoreFileLabel returns 0 or -1 too soon, then
the @newpath will be leaked.
Suggested-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
src/security/security_selinux.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 4de8b6f9cd..f3690a4cb1 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1477,10 +1477,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
goto cleanup;
}
- if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0)
- return -1;
- else if (rc > 0)
- return 0;
+ if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0) {
+ goto cleanup;
+ } else if (rc > 0) {
+ ret = 0;
+ goto cleanup;
+ }
if (recall) {
if ((rc = virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) {
--
2.19.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
