security: Set permissions for kernel/initrd

author Cole Robinson <crobinso@redhat.com>

Fri, 12 Mar 2010 18:38:39 +0000 (13:38 -0500)

committer Cole Robinson <crobinso@redhat.com>

Mon, 15 Mar 2010 16:36:50 +0000 (12:36 -0400)
author Cole Robinson <crobinso@redhat.com>
Fri, 12 Mar 2010 18:38:39 +0000 (13:38 -0500)
committer Cole Robinson <crobinso@redhat.com>
Mon, 15 Mar 2010 16:36:50 +0000 (12:36 -0400)
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c

index 6911f4874aa3d900c9c7086109dd53d3d637dccf..1883fbecd87bb44a6892984fed010245eaa3412c 100644 (file)
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
                                                       vm->def->disks[i]) < 0)
              rc = -1;
      }
+
+    if (vm->def->os.kernel &&
+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+        rc = -1;
+
+    if (vm->def->os.initrd &&
+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+        rc = -1;
+
      return rc;
  }
  
@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
              return -1;
      }
  
+    if (vm->def->os.kernel &&
+        qemuSecurityDACSetOwnership(vm->def->os.kernel,
+                                    driver->user,
+                                    driver->group) < 0)
+        return -1;
+
+    if (vm->def->os.initrd &&
+        qemuSecurityDACSetOwnership(vm->def->os.initrd,
+                                    driver->user,
+                                    driver->group) < 0)
+        return -1;
+
      return 0;
  }
  
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index b2c85815c31e7d466c09fabf29cbc78c34d9de32..975b31524b0aa0256af0b4cd606e297d1732a84a 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
              rc = -1;
      }
  
+    if (vm->def->os.kernel &&
+        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+        rc = -1;
+
+    if (vm->def->os.initrd &&
+        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+        rc = -1;
+
      return rc;
  }
  
@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
              return -1;
      }
  
+    if (vm->def->os.kernel &&
+        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
+        return -1;
+
+    if (vm->def->os.initrd &&
+        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
+        return -1;
+
      return 0;
  }
author	Cole Robinson <crobinso@redhat.com>
	Fri, 12 Mar 2010 18:38:39 +0000 (13:38 -0500)
committer	Cole Robinson <crobinso@redhat.com>
	Mon, 15 Mar 2010 16:36:50 +0000 (12:36 -0400)
src/qemu/qemu_security_dac.c		patch \| blob \| blame \| history
src/security/security_selinux.c		patch \| blob \| blame \| history