[PATCH for v5.3.0 01/17] tools: Slightly rework libvirt_recover_xattrs.sh

Michal Privoznik <mprivozn@xxxxxxxxxx> · Thu, 28 Mar 2019 16:04:13 +0100

Firstly, there's no reason to enumerate all XATTRs since they
differ only in the prefix and we can construct them in a loop.

Secondly, and more importantly, the script was still looking for
just one prefix "trusted.libvirt.security" even on FreeBSD.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 tools/libvirt_recover_xattrs.sh | 49 +++++++++++++++++----------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh
index 69dfca0160..3302fca60e 100755
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@@ -23,14 +23,17 @@ EOF
 
 QUIET=0
 DRY_RUN=0
-P="/"
+DIR="/"
 
 # So far only qemu and lxc drivers use security driver.
 URI=("qemu:///system"
      "qemu:///session"
      "lxc:///system")
 
-LIBVIRT_XATTR_PREFIX="trusted.libvirt.security"
+# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
+# as there is no 'trusted'.
+LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
+                        "system.libvirt.security")
 
 if [ `whoami` != "root" ]; then
     die "Must be run as root"
@@ -57,7 +60,7 @@ done
 
 shift $((OPTIND - 1))
 if [ $# -gt 0 ]; then
-    P=$1
+    DIR=$1
 fi
 
 if [ ${DRY_RUN} -eq 0 ]; then
@@ -69,28 +72,26 @@ if [ ${DRY_RUN} -eq 0 ]; then
 fi
 
 
-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
-# as there is no 'trusted'.
-XATTRS=("trusted.libvirt.security.dac"
-        "trusted.libvirt.security.ref_dac"
-        "trusted.libvirt.security.selinux"
-        "trusted.libvirt.security.ref_selinux",
-        "system.libvirt.security.dac"
-        "system.libvirt.security.ref_dac"
-        "system.libvirt.security.selinux"
-        "system.libvirt.security.ref_selinux")
+declare -a XATTRS
+for i in "dac" "selinux"; do
+    for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
+        XATTRS+=("$p.$i" "$p.ref_$i")
+    done
+done
 
-for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
-    if [ ${DRY_RUN} -ne 0 ]; then
-        echo $i
-        getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i
-        continue
-    fi
+for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
+    for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+        echo $i;
+        if [ ${DRY_RUN} -ne 0 ]; then
+            getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
+            continue
+        fi
 
-    if [ ${QUIET} -eq 0 ]; then
-        echo "Fixing $i";
-    fi
-    for x in ${XATTRS[*]}; do
-        setfattr -x $x $i
+        if [ ${QUIET} -eq 0 ]; then
+            echo "Fixing $i";
+        fi
+        for x in ${XATTRS[*]}; do
+            setfattr -x $x $i
+        done
     done
 done
-- 
2.19.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






