Linux and FreeBSD have different prefix. In the current state we've tried to reset the labels for both systems which resulted in errors like this: Fixing /tmp/bitmaps2.qcow2 setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported The 6 failed 'setfattrs' correspond to the wrong prefix. Select the correct prefix based on the kernel name and modify the code appropriately. Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- tools/libvirt_recover_xattrs.sh | 48 ++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh index cb98497732..b7a8c05cf4 100755 --- a/tools/libvirt_recover_xattrs.sh +++ b/tools/libvirt_recover_xattrs.sh @@ -29,11 +29,6 @@ DIR="/" URI=("qemu:///system" "lxc:///system") -# On Linux we use 'trusted' namespace, on FreeBSD we use 'system' -# as there is no 'trusted'. -LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security" - "system.libvirt.security") - if [ $(whoami) != "root" ]; then die "Must be run as root" fi @@ -62,6 +57,21 @@ if [ $# -gt 0 ]; then DIR=$1 fi +case $(uname -s) in + Linux) + XATTR_PREFIX="trusted.libvirt.security" + ;; + + FreeBSD) + XATTR_PREFIX="system.libvirt.security" + ;; + + *) + die "$0 is not supported on this platform" + ;; +esac + + if [ ${DRY_RUN} -eq 0 ]; then for u in ${URI[*]} ; do if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then 
@@ -73,24 +83,20 @@ fi declare -a XATTRS for i in "dac" "selinux"; do - for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do - XATTRS+=("$p.$i" "$p.ref_$i" "$p.timestamp_$i") - done + XATTRS+=("$XATTR_PREFIX.$i" "$XATTR_PREFIX.ref_$i" "$XATTR_PREFIX.timestamp_$i") done -for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do - for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do - echo $i; - if [ ${DRY_RUN} -ne 0 ]; then - getfattr -d -m $p --absolute-names $i | grep -v "^# file:" - continue - fi - if [ ${QUIET} -eq 0 ]; then - echo "Fixing $i"; - fi - for x in ${XATTRS[*]}; do - setfattr -x $x $i - done +for i in $(getfattr -R -d -m ${XATTR_PREFIX} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do + if [ ${DRY_RUN} -ne 0 ]; then + getfattr -d -m $p --absolute-names $i | grep -v "^# file:" + continue + fi + + if [ ${QUIET} -eq 0 ]; then + echo "Fixing $i"; + fi + for x in ${XATTRS[*]}; do + setfattr -x $x $i done done -- 2.28.0
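Review bot: The comment removed together with LIBVIRT_XATTR_PREFIXES ("On Linux we use 'trusted' namespace, on FreeBSD we use 'system' as there is no 'trusted'") is not carried over to the new `case $(uname -s) in` block in the @@ -62,6 +57,21 @@ hunk, so the reason for the per-kernel prefix is no longer documented in the script. Keep that comment above the case statement. The added block also leaves two blank lines after `esac` where the rest of the script uses one.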
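Review bot: In the @@ -73,24 +83,20 @@ hunk the dry-run branch still runs `getfattr -d -m $p --absolute-names $i`, but the `for p in ${LIBVIRT_XATTR_PREFIXES[*]}` loop that set `$p` is removed by this patch, so `$p` is unset there; unquoted, it expands to nothing and `-m` takes `--absolute-names` as its pattern. Use `${XATTR_PREFIX}` on that line. The `echo $i;` line is dropped as well, and because the dry-run output is filtered with `grep -v "^# file:"`, a dry run no longer prints which file each attribute belongs to; if that is intended, say so in the commit message, otherwise keep the echo for the dry-run case.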