security: Fix labelling host devices (bz 1145968)

author Cole Robinson <crobinso@redhat.com>

Wed, 24 Sep 2014 15:47:46 +0000 (11:47 -0400)

committer Cole Robinson <crobinso@redhat.com>

Wed, 24 Sep 2014 21:04:28 +0000 (17:04 -0400)
author Cole Robinson <crobinso@redhat.com>
Wed, 24 Sep 2014 15:47:46 +0000 (11:47 -0400)
committer Cole Robinson <crobinso@redhat.com>
Wed, 24 Sep 2014 21:04:28 +0000 (17:04 -0400)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c

index 041ce65be3c659febb6ed8506c67e5e3b83a4121..3025284503e5d1f26e8f101ee729b9cf8cea64c5 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -828,7 +828,8 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
      /* Like AppArmorRestoreSecurityImageLabel() for a networked disk,
       * do nothing for an iSCSI hostdev
       */
-    if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
          return 0;
  
      if (profile_loaded(secdef->imagelabel) < 0)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c

index e398d2ce77f94b615d45a6bd419b23f976cf43a0..85253af03d76fcfa438c303a7f47f711f58ecdb9 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -523,7 +523,8 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
      /* Like virSecurityDACSetSecurityImageLabel() for a networked disk,
       * do nothing for an iSCSI hostdev
       */
-    if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
          return 0;
  
      cbdata.manager = mgr;
@@ -657,7 +658,8 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
      /* Like virSecurityDACRestoreSecurityImageLabelInt() for a networked disk,
       * do nothing for an iSCSI hostdev
       */
-    if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
          return 0;
  
      switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index c69eeb952ff4308532bc329202bab9c4246e019f..b7c10153e8ff3891d85888adb7c9e69784f8a658 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1329,7 +1329,8 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
      /* Like virSecuritySELinuxSetSecurityImageLabelInternal() for a networked
       * disk, do nothing for an iSCSI hostdev
       */
-    if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
          return 0;
  
      switch (dev->source.subsys.type) {
@@ -1522,7 +1523,8 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
      /* Like virSecuritySELinuxRestoreSecurityImageLabelInt() for a networked
       * disk, do nothing for an iSCSI hostdev
       */
-    if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
+        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
          return 0;
  
      switch (dev->source.subsys.type) {
author	Cole Robinson <crobinso@redhat.com>
	Wed, 24 Sep 2014 15:47:46 +0000 (11:47 -0400)
committer	Cole Robinson <crobinso@redhat.com>
	Wed, 24 Sep 2014 21:04:28 +0000 (17:04 -0400)
src/security/security_apparmor.c		patch \| blob \| blame \| history
src/security/security_dac.c		patch \| blob \| blame \| history
src/security/security_selinux.c		patch \| blob \| blame \| history