From 3f1aa08af6580c215d973bc6bf57f505dbf8b926 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 12 Mar 2010 13:38:39 -0500
Subject: [PATCH] security: Set permissions for kernel/initrd
Fixes URL installs when running virt-install as root on Fedora.
---
 src/qemu/qemu_security_dac.c    |   21 +++++++++++++++++++++
 src/security/security_selinux.c |   16 ++++++++++++++++
 2 files changed, 37 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 6911f48..1883fbe 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
                                                      vm->def->disks[i]) < 0)
             rc = -1;
     }
+
+    if (vm->def->os.kernel &&
+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+        rc = -1;
+
+    if (vm->def->os.initrd &&
+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+        rc = -1;
+
     return rc;
 }
 
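Review bot: The restore of `vm->def->os.kernel` and `vm->def->os.initrd` is unconditional, so if another running domain boots from the same kernel or initrd path, shutting this one down would presumably revert the file's ownership underneath the guest that is still using it; the two calls added to SELinuxRestoreSecurityAllLabel have the same shape. Nothing visible in the hunk tracks whether the path is shared, and the body of qemuSecurityDACRestoreSecurityFileLabel is outside the hunk, so this is inferred rather than confirmed. At minimum I would state the limitation above the new block: `/* NB: kernel/initrd may be shared by several guests; restoring here affects every guest using the same path */`. The enclosing function starts outside the hunk.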
@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
             return -1;
     }
 
+    if (vm->def->os.kernel &&
+        qemuSecurityDACSetOwnership(vm->def->os.kernel,
+                                    driver->user,
+                                    driver->group) < 0)
+        return -1;
+
+    if (vm->def->os.initrd &&
+        qemuSecurityDACSetOwnership(vm->def->os.initrd,
+                                    driver->user,
+                                    driver->group) < 0)
+        return -1;
+
     return 0;
 }
 
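Review bot: Handing ownership of `os.kernel` and `os.initrd` to `driver->user`/`driver->group` grants the QEMU account more than the read access a boot image needs, and the path comes from the domain definition, so it may name a file that the host or other guests also rely on. Whether the owner can then write depends on the file mode and on what qemuSecurityDACSetOwnership does, neither of which is visible here. If re-owning is the intended fix for the virt-install case, I would record the constraint next to the new block: `/* kernel/initrd are read-only boot inputs; chowned like disks, so they should live in a directory the QEMU user cannot write */`. The enclosing function starts outside the hunk.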
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b2c8581..975b315 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
             rc = -1;
     }
 
+    if (vm->def->os.kernel &&
+        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+        rc = -1;
+
+    if (vm->def->os.initrd &&
+        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+        rc = -1;
+
     return rc;
 }
 
@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
             return -1;
     }
 
+    if (vm->def->os.kernel &&
+        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
+        return -1;
+
+    if (vm->def->os.initrd &&
+        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
+        return -1;
+
     return 0;
 }
 
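Review bot: The choice of `default_content_context` for the kernel and initrd is not explained in the two added `SELinuxSetFilecon` calls, and the labelling applied to disks earlier in this function is outside the hunk, so a reader cannot tell whether the difference is deliberate. A short comment above the new block would settle it, for example `/* kernel/initrd are read-only boot inputs that may be shared between guests, so use the shared content context rather than a per-domain label */`, assuming that is the intent. It is also worth saying in that comment that a relabel failure here aborts domain start through the early `return -1`.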
-- 
1.6.6.1