Re: [PATCH 1/1] security_util: verify xattrs only if ref is present

On 8/28/19 12:21 PM, Nikolay Shirokovskiy wrote:
After 7cfb7aab573 commit starting a domain pollutes logs with
warnings like [1]. The reason is resource files do not
have timestamp before starting a domain and after destroying
domain the timestamp is cleared. Let's check the timestamp
only if attribute with refcounter is found.

[1] warning : virSecurityValidateTimestamp:198 : Invalid XATTR timestamp detected on \
     /some/path secdriver=dac

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@xxxxxxxxxxxxx>
---
  src/security/security_util.c | 24 ++++++++++++++++--------
  1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/security/security_util.c b/src/security/security_util.c
index 31f41cedfd..f33fe9dd7b 100644
--- a/src/security/security_util.c
+++ b/src/security/security_util.c
@@ -269,13 +269,9 @@ virSecurityGetRememberedLabel(const char *name,
      VIR_AUTOFREE(char *) attr_name = NULL;
      VIR_AUTOFREE(char *) value = NULL;
      unsigned int refcount = 0;
-    int rc;
*label = NULL; - if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-        return rc;
-
      if (!(ref_name = virSecurityGetRefCountAttrName(name)))
          return -1;
@@ -288,6 +284,14 @@ virSecurityGetRememberedLabel(const char *name,
                               ref_name,
                               path);
          return -1;
+    } else {
+        int rc;
+
+        if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
+            return rc;
+
+        if (rc == 1)
+            return -2;
      }
if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
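Review bot: The `return -2` added for `rc == 1` in the else branch of virSecurityGetRememberedLabel is a bare magic value with no comment, while the `rc < 0` case just above it passes the validator's own return code straight through, so these lines alone do not tell a caller which negative results are errors and which mean "nothing remembered". Suggest a short comment in the else branch saying what `rc == 1` from virSecurityValidateTimestamp signifies and why validation now runs only after the refcount attribute has been read, plus a line for the -2 return in the function's doc comment if one is not already there.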
@@ -357,10 +361,6 @@ virSecuritySetRememberedLabel(const char *name,
      VIR_AUTOFREE(char *) attr_name = NULL;
      VIR_AUTOFREE(char *) value = NULL;
      unsigned int refcount = 0;
-    int rc;
-
-    if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-        return rc;
if (!(ref_name = virSecurityGetRefCountAttrName(name)))
          return -1;
@@ -375,6 +375,14 @@ virSecuritySetRememberedLabel(const char *name,
                                   path);
              return -1;
          }
+    } else {
+        int rc;
+

This needs to be executed if and only if @value is non-NULL otherwise the warning is going to be printed. Also, I'm adding a small comment here to explain why this is done AFTER @value is read.

+        if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
+            return rc;
+
+        if (rc == 1)
+            VIR_FREE(value);
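Review bot: In the else branch of virSecuritySetRememberedLabel, `if (rc == 1) VIR_FREE(value);` handles the same validation result that virSecurityGetRememberedLabel turns into `return -2`, and nothing in the hunk explains why the two functions differ or what a NULL @value means to the code that follows. A comment at this spot stating that freeing @value is deliberate and how the remainder of the function (not visible in this hunk) treats a NULL @value would make the intent reviewable; it is also worth confirming that the later refcount parsing is never reached with @value set to NULL.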

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

and pushed.

Thanks,
Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list