From 98189cd7e622bb89ee4916307c1287d97487233a Mon Sep 17 00:00:00 2001
Message-Id: <98189cd7e622bb89ee4916307c1287d97487233a@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Tue, 9 Apr 2019 08:34:34 +0200
Subject: [PATCH] security: dac: gfx: egl-headless: Relabel the DRI device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Just like for SPICE, we need to change the permissions on the DRI device
used as the @rendernode for egl-headless graphics type.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit ae00e73cfe91b76849712fb7d928cfefef39a6eb)
https://bugzilla.redhat.com/show_bug.cgi?id=1628892
Signed-off-by: Erik Skultety <eskultet@redhat.com>
 Conflicts:
	src/security/security_dac.c
            v4.7.0-58-g3ac7793ad1 was not backported
Message-Id: <f564d1859c197fb7477e49ce801124e0cc2d506f.1554791287.git.eskultet@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/security/security_dac.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
0a7476
index 74c70dd092..cc2ed10157 100644
0a7476
--- a/src/security/security_dac.c
0a7476
+++ b/src/security/security_dac.c
0a7476
@@ -1419,11 +1419,16 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
0a7476
                                virDomainGraphicsDefPtr gfx)
0a7476
 
0a7476
 {
0a7476
+    const char *rendernode = virDomainGraphicsGetRenderNode(gfx);
0a7476
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
0a7476
     virSecurityLabelDefPtr seclabel;
0a7476
     uid_t user;
0a7476
     gid_t group;
0a7476
 
0a7476
+    /* There's nothing to relabel */
0a7476
+    if (!rendernode)
0a7476
+        return 0;
0a7476
+
0a7476
     /* Skip chowning the shared render file if namespaces are disabled */
0a7476
     if (!priv->mountNamespace)
0a7476
         return 0;
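Review bot: The new `if (!rendernode)` early return is now the only gate deciding which graphics devices get their DRI node chowned, but its comment does not say when the helper yields NULL. `virDomainGraphicsGetRenderNode()` is not visible in this patch, so a reader cannot tell from here whether it returns NULL for SPICE with GL disabled, which the old code checked explicitly. I would expand the comment to something like `/* No render node for this graphics type (or GL is disabled): nothing to relabel */`, once that behaviour is confirmed against the helper. The function body continues past this hunk.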
0a7476
@@ -1435,14 +1440,8 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
0a7476
     if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
0a7476
         return -1;
0a7476
 
0a7476
-    if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
0a7476
-        gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES &&
0a7476
-        gfx->data.spice.rendernode) {
0a7476
-        if (virSecurityDACSetOwnership(priv, NULL,
0a7476
-                                       gfx->data.spice.rendernode,
0a7476
-                                       user, group) < 0)
0a7476
-            return -1;
0a7476
-    }
0a7476
+    if (virSecurityDACSetOwnership(priv, NULL, rendernode, user, group) < 0)
0a7476
+        return -1;
0a7476
 
0a7476
     return 0;
0a7476
 }
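Review bot: The unconditional `virSecurityDACSetOwnership(priv, NULL, rendernode, user, group)` drops the explicit `gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES` test that the removed branch carried, so correctness for SPICE now depends entirely on `virDomainGraphicsGetRenderNode()`. If that helper returned the SPICE rendernode regardless of `gl`, a DRI node would be handed to the domain's uid/gid for a guest that never uses GL. Please confirm the helper keeps the GL check. A one-line comment above the call would help, e.g. `/* rendernode is non-NULL only for GL-capable gfx; chown happens inside the domain's private /dev */`. The chown also still relies on the `priv->mountNamespace` guard in the earlier hunk to avoid re-owning the shared host node. No matching restore path is visible in this patch, so check that ownership does not need resetting on domain shutdown.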
-- 
2.21.0