2018-09-25 15:15:24 +03:00
#!/bin/bash
function die {
echo $@ >& 2
exit 1
}
function show_help {
cat << EOF
2020-12-02 12:55:01 +03:00
Usage: ${ 0 ##*/ } -[ hqnu] [ PATH ...]
2018-09-25 15:15:24 +03:00
Clear out any XATTRs set by libvirt on all files that have them.
The idea is to reset refcounting, should it break.
-h display this help and exit
-q quiet ( don' t print which files are being fixed)
-n dry run; don' t remove any XATTR just report the file name
2020-11-26 19:19:43 +03:00
-u unsafe; don' t check whether there are running VMs; PATH must be specified
2018-09-25 15:15:24 +03:00
PATH can be specified to refine search to only to given path
instead of whole root ( '/' ) , which is the default.
EOF
}
QUIET = 0
DRY_RUN = 0
2020-11-26 19:19:43 +03:00
UNSAFE = 0
2018-09-25 15:15:24 +03:00
# So far only qemu and lxc drivers use security driver.
URI = ( "qemu:///system"
"lxc:///system" )
2020-12-02 11:57:30 +03:00
if [ $( whoami) != "root" ] ; then
2018-09-25 15:15:24 +03:00
die "Must be run as root"
fi
2020-11-26 19:19:43 +03:00
while getopts hqnu opt; do
2018-09-25 15:15:24 +03:00
case $opt in
h)
show_help
exit 0
; ;
q)
QUIET = 1
; ;
n)
DRY_RUN = 1
; ;
2020-11-26 19:19:43 +03:00
u)
UNSAFE = 1
; ;
2018-09-25 15:15:24 +03:00
*)
show_help >& 2
exit 1
; ;
esac
done
2020-12-02 12:24:21 +03:00
case $( uname -s) in
Linux)
XATTR_PREFIX = "trusted.libvirt.security"
; ;
FreeBSD)
XATTR_PREFIX = "system.libvirt.security"
; ;
*)
die " $0 is not supported on this platform "
; ;
esac
2020-11-26 19:19:43 +03:00
if [ ${ DRY_RUN } -eq 0 ] && [ ${ UNSAFE } -eq 0 ] ; then
2018-09-25 15:15:24 +03:00
for u in ${ URI [*] } ; do
if [ -n " `virsh -q -c $u list 2>/dev/null` " ] ; then
die " There are still some domains running for $u "
fi
done
fi
2019-01-15 11:19:08 +03:00
declare -a XATTRS
for i in "dac" "selinux" ; do
2020-12-02 12:24:21 +03:00
XATTRS += ( " $XATTR_PREFIX . $i " " $XATTR_PREFIX .ref_ $i " " $XATTR_PREFIX .timestamp_ $i " )
2019-01-15 11:19:08 +03:00
done
2020-12-02 12:55:01 +03:00
fix_xattrs( ) {
local DIR = " $1 "
2019-01-15 11:19:08 +03:00
2020-12-02 12:55:01 +03:00
for i in $( getfattr -R -d -m ${ XATTR_PREFIX } --absolute-names ${ DIR } 2>/dev/null | grep "^# file:" | cut -d':' -f 2) ; do
if [ ${ DRY_RUN } -ne 0 ] ; then
getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
continue
fi
2020-12-02 12:24:21 +03:00
2020-12-02 12:55:01 +03:00
if [ ${ QUIET } -eq 0 ] ; then
echo " Fixing $i " ;
fi
for x in ${ XATTRS [*] } ; do
setfattr -x $x $i
done
2018-09-25 15:15:24 +03:00
done
2020-12-02 12:55:01 +03:00
}
shift $(( OPTIND - 1 ))
if [ $# -gt 0 ] ; then
while [ $# -gt 0 ] ; do
fix_xattrs " $1 "
shift $(( OPTIND - 1 ))
done
else
if [ ${ UNSAFE } -eq 1 ] ; then
die "Unsafe mode (-u) requires explicit 'PATH' argument"
fi
fix_xattrs "/"
fi