Clear dynamic seclabels on LXCProcessStart failure
Commit a58e1cb4 did not fix the bug when security_default_confined is not set to 1. We now also clean up when no seclabel is defined or when only the default one is.
parent
0c77a54e3b
commit
88a1b54208
@ -1022,6 +1022,7 @@ int virLXCProcessStart(virConnectPtr conn,
|
||||
virCgroupPtr selfcgroup;
|
||||
int status;
|
||||
char *pidfile = NULL;
|
||||
bool clearSeclabel = false;
|
||||
|
||||
if (virCgroupNewSelf(&selfcgroup) < 0)
|
||||
return -1;
|
||||
@ -1126,6 +1127,10 @@ int virLXCProcessStart(virConnectPtr conn,
|
||||
/* If you are using a SecurityDriver with dynamic labelling,
|
||||
then generate a security label for isolation */
|
||||
VIR_DEBUG("Generating domain security label (if required)");
|
||||
|
||||
clearSeclabel = vm->def->nseclabels == 0 ||
|
||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT;
|
||||
|
||||
if (vm->def->nseclabels &&
|
||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
|
||||
vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
|
||||
@ -1387,7 +1392,8 @@ int virLXCProcessStart(virConnectPtr conn,
|
||||
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
|
||||
/* Clear out dynamically assigned labels */
|
||||
if (vm->def->nseclabels &&
|
||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
||||
(vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC ||
|
||||
clearSeclabel)) {
|
||||
VIR_FREE(vm->def->seclabels[0]->model);
|
||||
VIR_FREE(vm->def->seclabels[0]->label);
|
||||
VIR_FREE(vm->def->seclabels[0]->imagelabel);
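Review bot: The cleanup condition now also frees `model`, `label` and `imagelabel` of `seclabels[0]` when `clearSeclabel` is set, but nothing visible undoes the earlier rewrite of its `type` from `VIR_DOMAIN_SECLABEL_DEFAULT` to `VIR_DOMAIN_SECLABEL_NONE`, so after a failed start the definition may come back with a different label type than it went in with. If the rest of the cleanup path (it continues outside this hunk) does not already handle that, consider restoring it under the same flag, e.g. `vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_DEFAULT;` for an entry that was default before label generation. The comment should also follow the wider condition, for instance `/* Clear out labels generated for this start: dynamic ones, and those filled in for a missing or default seclabel */`. The `clearSeclabel` declaration deserves a one-line comment saying it records the state of the definition before label generation.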
|
||||
|