mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-27 07:22:07 +03:00
Clear dynamic seclabels on LXCProcessStart failure
Commit a58e1cb4
did not fix the bug when security_default_confined is
not set to 1. We now clean up even if no seclabel is defined or the
seclabel is the default one.
parent
0c77a54e3b
commit
88a1b54208
@ -1022,6 +1022,7 @@ int virLXCProcessStart(virConnectPtr conn,
|
|||||||
virCgroupPtr selfcgroup;
|
virCgroupPtr selfcgroup;
|
||||||
int status;
|
int status;
|
||||||
char *pidfile = NULL;
|
char *pidfile = NULL;
|
||||||
|
bool clearSeclabel = false;
|
||||||
|
|
||||||
if (virCgroupNewSelf(&selfcgroup) < 0)
|
if (virCgroupNewSelf(&selfcgroup) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
@ -1126,6 +1127,10 @@ int virLXCProcessStart(virConnectPtr conn,
|
|||||||
/* If you are using a SecurityDriver with dynamic labelling,
|
/* If you are using a SecurityDriver with dynamic labelling,
|
||||||
then generate a security label for isolation */
|
then generate a security label for isolation */
|
||||||
VIR_DEBUG("Generating domain security label (if required)");
|
VIR_DEBUG("Generating domain security label (if required)");
|
||||||
|
|
||||||
|
clearSeclabel = vm->def->nseclabels == 0 ||
|
||||||
|
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT;
|
||||||
|
|
||||||
if (vm->def->nseclabels &&
|
if (vm->def->nseclabels &&
|
||||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
|
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
|
||||||
vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
|
vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
|
||||||
@ -1387,7 +1392,8 @@ int virLXCProcessStart(virConnectPtr conn,
|
|||||||
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
|
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
|
||||||
/* Clear out dynamically assigned labels */
|
/* Clear out dynamically assigned labels */
|
||||||
if (vm->def->nseclabels &&
|
if (vm->def->nseclabels &&
|
||||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
(vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC ||
|
||||||
|
clearSeclabel)) {
|
||||||
VIR_FREE(vm->def->seclabels[0]->model);
|
VIR_FREE(vm->def->seclabels[0]->model);
|
||||||
VIR_FREE(vm->def->seclabels[0]->label);
|
VIR_FREE(vm->def->seclabels[0]->label);
|
||||||
VIR_FREE(vm->def->seclabels[0]->imagelabel);
|
VIR_FREE(vm->def->seclabels[0]->imagelabel);
|
||||||
|
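Review bot: The cleanup condition in the `-1387` hunk now also fires when `clearSeclabel` is set, but the comment above it still reads "Clear out dynamically assigned labels", and nothing records why the flag is captured before the DEFAULT-to-NONE rewrite in the `-1126` hunk. I would add a comment at the assignment such as `/* Remember whether the label was absent or DEFAULT before the type is rewritten below, so the failure path can drop whatever the security driver generated */` and reword the cleanup comment to `/* Clear out labels that were generated for this start attempt */`. Both the flag and the cleanup look only at `seclabels[0]`, so if more than one seclabel entry can exist, a label generated for a later entry would apparently survive a failed start and carry over to the next attempt; that is worth confirming against the security manager's behaviour. The cleanup block continues outside the hunk, so whether the entry's type or the array length is restored there cannot be checked from this page.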