shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 06:50:22 +03:00
Code Releases Activity

Adapt to VIR_ALLOC and virAsprintf in src/security/*

Browse Source
This commit is contained in:
Michal Privoznik 2013-07-04 12:15:50 +02:00
parent 92a33a12a1
commit a72715e0a8
6 changed files with 46 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/security/security_apparmor.c
View File

@ -77,16 +77,13 @@ profile_status(const char *str, const int check_enforcing)
int rc = -1;
/* create string that is '<str> \0' for accurate matching */
if (virAsprintf(&tmp, "%s ", str) == -1) {
virReportOOMError();
if (virAsprintf(&tmp, "%s ", str) == -1)
return rc;
}
if (check_enforcing != 0) {
/* create string that is '<str> (enforce)\0' for accurate matching */
if (virAsprintf(&etmp, "%s (enforce)", str) == -1) {
VIR_FREE(tmp);
virReportOOMError();
return rc;
}
}
@ -132,10 +129,8 @@ profile_status_file(const char *str)
int rc = -1;
int len;
if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1) {
virReportOOMError();
if (virAsprintf(&profile, "%s/%s", APPARMOR_DIR "/libvirt", str) == -1)
return rc;
}
if (!virFileExists(profile))
goto failed;
@ -147,10 +142,8 @@ profile_status_file(const char *str)
}
/* create string that is ' <str> flags=(complain)\0' */
if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1) {
virReportOOMError();
if (virAsprintf(&tmp, " %s flags=(complain)", str) == -1)
goto failed;
}
if (strstr(content, tmp) != NULL)
rc = 0;
@ -231,10 +224,8 @@ get_profile_name(virDomainDefPtr def)
char *name = NULL;
virUUIDFormat(def->uuid, uuidstr);
if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) {
virReportOOMError();
if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0)
return NULL;
}
return name;
}
@ -363,10 +354,8 @@ AppArmorSecurityManagerProbe(const char *virtDriver)
/* see if template file exists */
if (virAsprintf(&template, "%s/TEMPLATE",
APPARMOR_DIR "/libvirt") == -1) {
virReportOOMError();
APPARMOR_DIR "/libvirt") == -1)
return rc;
}
if (!virFileExists(template)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
@ -920,10 +909,8 @@ AppArmorSetFDLabel(virSecurityManagerPtr mgr,
if (secdef->imagelabel == NULL)
return 0;
if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
virReportOOMError();
if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1)
return rc;
}
if (virFileResolveLink(proc, &fd_path) < 0) {
/* it's a deleted file, presumably. Ignore? */

12
src/security/security_dac.c
View File

@ -713,10 +713,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
virReportOOMError();
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
if ((virSecurityDACSetOwnership(in, user, group) < 0) ||
(virSecurityDACSetOwnership(out, user, group) < 0)) {
@ -755,10 +753,8 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
(virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
virReportOOMError();
(virAsprintf(&in, "%s.in", dev->data.file.path) < 0))
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) ||
(virSecurityDACRestoreSecurityFileLabel(in) < 0)) {
@ -1084,10 +1080,8 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_SECLABEL_DYNAMIC:
if (virAsprintf(&seclabel->label, "%u:%u",
(unsigned int) priv->user,
(unsigned int) priv->group) < 0) {
virReportOOMError();
(unsigned int) priv->group) < 0)
return rc;
}
if (seclabel->label == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate dac user and group id "

12
src/security/security_manager.c
View File

@ -80,10 +80,8 @@ static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr dr
allowDiskFormatProbing, defaultConfined,
requireConfined);
if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) {
virReportOOMError();
if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0)
return NULL;
}
if (!(mgr = virObjectLockableNew(virSecurityManagerClass))) {
VIR_FREE(privateData);
@ -487,10 +485,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
/* The seclabel must be added to @vm prior calling domainGenSecurityLabel
* which may require seclabel to be presented already */
if (generated &&
VIR_APPEND_ELEMENT_QUIET(vm->seclabels, vm->nseclabels, seclabel) < 0) {
virReportOOMError();
VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel) < 0)
goto cleanup;
}
if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) {
if (VIR_DELETE_ELEMENT(vm->seclabels,
@ -703,10 +699,8 @@ virSecurityManagerGetNested(virSecurityManagerPtr mgr)
return virSecurityStackGetNested(mgr);
}
if (VIR_ALLOC_N(list, 2) < 0) {
virReportOOMError();
if (VIR_ALLOC_N(list, 2) < 0)
return NULL;
}
list[0] = mgr;
list[1] = NULL;

46
src/security/security_selinux.c
View File

@ -141,20 +141,16 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
if (c1 == c2) {
if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0) {
virReportOOMError();
if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0)
return NULL;
}
} else {
if (c1 > c2) {
int t = c1;
c1 = c2;
c2 = t;
}
if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0) {
virReportOOMError();
if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin + c2) < 0)
return NULL;
}
}
if (virHashLookup(data->mcs, mcs) == NULL)
@ -628,7 +624,7 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
if (!(range = context_range_get(ctx))) {
virReportOOMError();
virReportSystemError(errno, "%s", _("unable to get selinux context range"));
goto cleanup;
}
if (VIR_STRDUP(mcs, range) < 0)
@ -1224,9 +1220,8 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (!disk_seclabel)
return -1;
disk_seclabel->norelabel = true;
if (VIR_APPEND_ELEMENT_QUIET(disk->seclabels, disk->nseclabels,
disk_seclabel) < 0) {
virReportOOMError();
if (VIR_APPEND_ELEMENT(disk->seclabels, disk->nseclabels,
disk_seclabel) < 0) {
virSecurityDeviceLabelDefFree(disk_seclabel);
return -1;
}
@ -1390,10 +1385,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: {
if (vroot) {
if (virAsprintf(&path, "%s/%s", vroot,
dev->source.caps.u.storage.block) < 0) {
virReportOOMError();
dev->source.caps.u.storage.block) < 0)
return -1;
}
} else {
if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
return -1;
@ -1406,10 +1399,8 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virDomainDefPtr def,
case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: {
if (vroot) {
if (virAsprintf(&path, "%s/%s", vroot,
dev->source.caps.u.misc.chardev) < 0) {
virReportOOMError();
dev->source.caps.u.misc.chardev) < 0)
return -1;
}
} else {
if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
return -1;
@ -1580,10 +1571,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: {
if (vroot) {
if (virAsprintf(&path, "%s/%s", vroot,
dev->source.caps.u.storage.block) < 0) {
virReportOOMError();
dev->source.caps.u.storage.block) < 0)
return -1;
}
} else {
if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
return -1;
@ -1596,10 +1585,8 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: {
if (vroot) {
if (virAsprintf(&path, "%s/%s", vroot,
dev->source.caps.u.misc.chardev) < 0) {
virReportOOMError();
dev->source.caps.u.misc.chardev) < 0)
return -1;
}
} else {
if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
return -1;
@ -1693,10 +1680,8 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) {
virReportOOMError();
(virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0))
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
if ((virSecuritySELinuxSetFilecon(in, imagelabel) < 0) ||
(virSecuritySELinuxSetFilecon(out, imagelabel) < 0)) {
@ -1760,10 +1745,8 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) ||
(virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) {
virReportOOMError();
(virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0))
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
if ((virSecuritySELinuxRestoreSecurityFileLabel(mgr, out) < 0) ||
(virSecuritySELinuxRestoreSecurityFileLabel(mgr, in) < 0)) {
@ -2397,7 +2380,8 @@ virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
if (secdef->label) {
ctx = context_new(secdef->label);
if (!ctx) {
virReportOOMError();
virReportSystemError(errno, _("unable to create selinux context for: %s"),
secdef->label);
goto cleanup;
}
range = context_range_get(ctx);
@ -2430,10 +2414,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
if (secdef->imagelabel &&
virAsprintf(&opts,
",context=\"%s\"",
(const char*) secdef->imagelabel) < 0) {
virReportOOMError();
(const char*) secdef->imagelabel) < 0)
return NULL;
}
}
if (!opts && VIR_STRDUP(opts, "") < 0)

8
src/security/security_stack.c
View File

@ -53,10 +53,8 @@ virSecurityStackAddNested(virSecurityManagerPtr mgr,
while (tmp && tmp->next)
tmp = tmp->next;
if (VIR_ALLOC(item) < 0) {
virReportOOMError();
if (VIR_ALLOC(item) < 0)
return -1;
}
item->securityManager = nested;
if (tmp)
tmp->next = item;
@ -520,10 +518,8 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
for (item = priv->itemsHead; item; item = item->next)
len++;
if (VIR_ALLOC_N(list, len + 1) < 0) {
virReportOOMError();
if (VIR_ALLOC_N(list, len + 1) < 0)
return NULL;
}
for (item = priv->itemsHead; item; item = item->next, i++)
list[i] = item->securityManager;

36
src/security/virt-aa-helper.c
View File

@ -160,7 +160,7 @@ replace_string(char *orig, const size_t len, const char *oldstr,
return -1;
}
if (VIR_ALLOC_N(tmp, len) < 0) {
if (VIR_ALLOC_N_QUIET(tmp, len) < 0) {
vah_error(NULL, 0, _("could not allocate memory for string"));
return -1;
}
@ -217,8 +217,8 @@ parserCommand(const char *profile_name, const char cmd)
snprintf(flag, 3, "-%c", cmd);
if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", profile_name) < 0) {
if (virAsprintfQuiet(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", profile_name) < 0) {
vah_error(NULL, 0, _("profile name exceeds maximum length"));
return -1;
}
@ -275,12 +275,12 @@ update_include_file(const char *include_file, const char *included_files,
}
if (append && virFileExists(include_file)) {
if (virAsprintf(&pcontent, "%s%s", existing, included_files) == -1) {
if (virAsprintfQuiet(&pcontent, "%s%s", existing, included_files) == -1) {
vah_error(NULL, 0, _("could not allocate memory for profile"));
goto cleanup;
}
} else {
if (virAsprintf(&pcontent, "%s%s", warning, included_files) == -1) {
if (virAsprintfQuiet(&pcontent, "%s%s", warning, included_files) == -1) {
vah_error(NULL, 0, _("could not allocate memory for profile"));
goto cleanup;
}
@ -346,7 +346,7 @@ create_profile(const char *profile, const char *profile_name,
goto end;
}
if (virAsprintf(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) {
if (virAsprintfQuiet(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) {
vah_error(NULL, 0, _("template name exceeds maximum length"));
goto end;
}
@ -372,13 +372,13 @@ create_profile(const char *profile, const char *profile_name,
}
/* '\nprofile <profile_name>\0' */
if (virAsprintf(&replace_name, "\nprofile %s", profile_name) == -1) {
if (virAsprintfQuiet(&replace_name, "\nprofile %s", profile_name) == -1) {
vah_error(NULL, 0, _("could not allocate memory for profile name"));
goto clean_tcontent;
}
/* '\n<profile_files>\n}\0' */
if (virAsprintf(&replace_files, "\n%s\n}", profile_files) == -1) {
if (virAsprintfQuiet(&replace_files, "\n%s\n}", profile_files) == -1) {
vah_error(NULL, 0, _("could not allocate memory for profile files"));
VIR_FREE(replace_name);
goto clean_tcontent;
@ -391,7 +391,7 @@ create_profile(const char *profile, const char *profile_name,
goto clean_replace;
}
if (VIR_ALLOC_N(pcontent, plen) < 0) {
if (VIR_ALLOC_N_QUIET(pcontent, plen) < 0) {
vah_error(NULL, 0, _("could not allocate memory for profile"));
goto clean_replace;
}
@ -812,7 +812,7 @@ vah_add_file_chardev(virBufferPtr buf,
if (type == VIR_DOMAIN_CHR_TYPE_PIPE) {
/* add the pipe input */
if (virAsprintf(&pipe_in, "%s.in", path) == -1) {
if (virAsprintfQuiet(&pipe_in, "%s.in", path) == -1) {
vah_error(NULL, 0, _("could not allocate memory"));
goto cleanup;
}
@ -821,7 +821,7 @@ vah_add_file_chardev(virBufferPtr buf,
goto clean_pipe_in;
/* add the pipe output */
if (virAsprintf(&pipe_out, "%s.out", path) == -1) {
if (virAsprintfQuiet(&pipe_out, "%s.out", path) == -1) {
vah_error(NULL, 0, _("could not allocate memory"));
goto clean_pipe_in;
}
@ -896,7 +896,7 @@ get_files(vahControl * ctl)
/* verify uuid is same as what we were given on the command line */
virUUIDFormat(ctl->def->uuid, uuidstr);
if (virAsprintf(&uuid, "%s%s", AA_PREFIX, uuidstr) == -1) {
if (virAsprintfQuiet(&uuid, "%s%s", AA_PREFIX, uuidstr) == -1) {
vah_error(ctl, 0, _("could not allocate memory"));
return rc;
}
@ -1207,12 +1207,12 @@ main(int argc, char **argv)
if (vahParseArgv(ctl, argc, argv) != 0)
vah_error(ctl, 1, _("could not parse arguments"));
if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
if (virAsprintfQuiet(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 0, _("could not allocate memory"));
if (virAsprintf(&include_file, "%s/%s.files",
APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
if (virAsprintfQuiet(&include_file, "%s/%s.files",
APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 0, _("could not allocate memory"));
if (ctl->cmd == 'a')
@ -1271,8 +1271,8 @@ main(int argc, char **argv)
/* create the profile from TEMPLATE */
if (ctl->cmd == 'c') {
char *tmp = NULL;
if (virAsprintf(&tmp, " #include <libvirt/%s.files>\n",
ctl->uuid) == -1) {
if (virAsprintfQuiet(&tmp, " #include <libvirt/%s.files>\n",
ctl->uuid) == -1) {
vah_error(ctl, 0, _("could not allocate memory"));
goto cleanup;
}