From fa6359064ef72968c212581e4f0011a15d809f42 Mon Sep 17 00:00:00 2001 Message-Id: From: Martin Kletzander Date: Mon, 24 Aug 2015 13:04:46 +0200 Subject: [PATCH] security_dac: Label non-listening sockets https://bugzilla.redhat.com/show_bug.cgi?id=1146886 SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. Signed-off-by: Martin Kletzander (cherry picked from commit 7b6953bc2256200a5ff4b985c431bfe3c3e0cfb1) Signed-off-by: Martin Kletzander Signed-off-by: Jiri Denemark --- src/security/security_dac.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index deb6980..bed23c3 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -789,6 +789,15 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, ret = 0; break; + case VIR_DOMAIN_CHR_TYPE_UNIX: + if (!dev_source->data.nix.listen) { + if (virSecurityDACSetOwnership(dev_source->data.nix.path, + user, group) < 0) + goto done; + } + ret = 0; + break; + case VIR_DOMAIN_CHR_TYPE_SPICEPORT: case VIR_DOMAIN_CHR_TYPE_NULL: case VIR_DOMAIN_CHR_TYPE_VC: @@ -796,7 +805,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, case VIR_DOMAIN_CHR_TYPE_STDIO: case VIR_DOMAIN_CHR_TYPE_UDP: case VIR_DOMAIN_CHR_TYPE_TCP: - case VIR_DOMAIN_CHR_TYPE_UNIX: case VIR_DOMAIN_CHR_TYPE_SPICEVMC: case VIR_DOMAIN_CHR_TYPE_NMDM: case VIR_DOMAIN_CHR_TYPE_LAST: -- 2.5.1