security_dac: Label non-listening sockets

SELinux security driver already does that, but DAC driver somehow missed
the memo.  Let's fix it so it works the same way.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index deb69803095bf78c5f543289a295d71190235a56..bed23c30ae8c34a2f9224cf9dfad2266fed0c366 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -789,6 +789,15 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
         ret = 0;
         break;
 
+    case VIR_DOMAIN_CHR_TYPE_UNIX:
+        if (!dev_source->data.nix.listen) {
+            if (virSecurityDACSetOwnership(dev_source->data.nix.path,
+                                           user, group) < 0)
+                goto done;
+        }
+        ret = 0;
+        break;
+
     case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
     case VIR_DOMAIN_CHR_TYPE_NULL:
     case VIR_DOMAIN_CHR_TYPE_VC:
@@ -796,7 +805,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
     case VIR_DOMAIN_CHR_TYPE_STDIO:
     case VIR_DOMAIN_CHR_TYPE_UDP:
     case VIR_DOMAIN_CHR_TYPE_TCP:
-    case VIR_DOMAIN_CHR_TYPE_UNIX:
     case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
     case VIR_DOMAIN_CHR_TYPE_NMDM:
     case VIR_DOMAIN_CHR_TYPE_LAST: