selinux: deal with dtb file

author Olivia Yin <hong-hua.yin@freescale.com>

Thu, 14 Mar 2013 04:49:44 +0000 (12:49 +0800)

committer Eric Blake <eblake@redhat.com>

Tue, 19 Mar 2013 21:48:59 +0000 (15:48 -0600)
author Olivia Yin <hong-hua.yin@freescale.com>
Thu, 14 Mar 2013 04:49:44 +0000 (12:49 +0800)
committer Eric Blake <eblake@redhat.com>
Tue, 19 Mar 2013 21:48:59 +0000 (15:48 -0600)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c

index 0b274b7b5a9eef9bdb52656c5e7689975092e2e3..35b90da03c3e501e477f77971603f2243ae0fc0b 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -760,6 +760,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
          virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
          rc = -1;
  
+    if (def->os.dtb &&
+        virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+        rc = -1;
+
      return rc;
  }
  
@@ -822,6 +826,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
          virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
          return -1;
  
+    if (def->os.dtb &&
+        virSecurityDACSetOwnership(def->os.dtb, user, group) < 0)
+        return -1;
+
      return 0;
  }
  
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index e775544013b6dd819e7668433eba006b029bfee4..1e0063758acd83401019dd5e265adddcc8adfa30 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1765,6 +1765,10 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
          virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
          rc = -1;
  
+    if (def->os.dtb &&
+        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
      return rc;
  }
  
@@ -2161,6 +2165,10 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
          virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
          return -1;
  
+    if (def->os.dtb &&
+        virSecuritySELinuxSetFilecon(def->os.dtb, data->content_context) < 0)
+        return -1;
+
      if (stdin_path) {
          if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
              virStorageFileIsSharedFSType(stdin_path,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c

index c1a3ec9b072d8a05903cbd99ba7ae67f5285a123..f764f772ae1683c4161750f8626aef3550f04360 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -993,6 +993,10 @@ get_files(vahControl * ctl)
          if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
              goto clean;
  
+    if (ctl->def->os.dtb)
+        if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
+            goto clean;
+
      if (ctl->def->os.loader && ctl->def->os.loader)
          if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
              goto clean;
author	Olivia Yin <hong-hua.yin@freescale.com>
	Thu, 14 Mar 2013 04:49:44 +0000 (12:49 +0800)
committer	Eric Blake <eblake@redhat.com>
	Tue, 19 Mar 2013 21:48:59 +0000 (15:48 -0600)
src/security/security_dac.c		patch \| blob \| blame \| history
src/security/security_selinux.c		patch \| blob \| blame \| history
src/security/virt-aa-helper.c		patch \| blob \| blame \| history