tools: Slightly rework libvirt_recover_xattrs.sh

Firstly, there's no reason to enumerate all XATTRs since they
differ only in the prefix and we can construct them in a loop.

Secondly, and more importantly, the script was still looking for
just one prefix "trusted.libvirt.security" even on FreeBSD.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh
index 69dfca0160206192b868d79ac0938d5785d32fb0..58f02f8dfbaa3eb7390874c15bf1bdaf429db4f9 100755 (executable)
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@@ -23,14 +23,16 @@ EOF
 
 QUIET=0
 DRY_RUN=0
-P="/"
+DIR="/"
 
 # So far only qemu and lxc drivers use security driver.
 URI=("qemu:///system"
-     "qemu:///session"
      "lxc:///system")
 
-LIBVIRT_XATTR_PREFIX="trusted.libvirt.security"
+# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
+# as there is no 'trusted'.
+LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
+                        "system.libvirt.security")
 
 if [ `whoami` != "root" ]; then
     die "Must be run as root"
@@ -57,7 +59,7 @@ done
 
 shift $((OPTIND - 1))
 if [ $# -gt 0 ]; then
-    P=$1
+    DIR=$1
 fi
 
 if [ ${DRY_RUN} -eq 0 ]; then
@@ -69,28 +71,26 @@ if [ ${DRY_RUN} -eq 0 ]; then
 fi
 
 
-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
-# as there is no 'trusted'.
-XATTRS=("trusted.libvirt.security.dac"
-        "trusted.libvirt.security.ref_dac"
-        "trusted.libvirt.security.selinux"
-        "trusted.libvirt.security.ref_selinux",
-        "system.libvirt.security.dac"
-        "system.libvirt.security.ref_dac"
-        "system.libvirt.security.selinux"
-        "system.libvirt.security.ref_selinux")
-
-for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
-    if [ ${DRY_RUN} -ne 0 ]; then
-        echo $i
-        getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i
-        continue
-    fi
-
-    if [ ${QUIET} -eq 0 ]; then
-        echo "Fixing $i";
-    fi
-    for x in ${XATTRS[*]}; do
-        setfattr -x $x $i
+declare -a XATTRS
+for i in "dac" "selinux"; do
+    for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
+        XATTRS+=("$p.$i" "$p.ref_$i")
+    done
+done
+
+for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
+    for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+        echo $i;
+        if [ ${DRY_RUN} -ne 0 ]; then
+            getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
+            continue
+        fi
+
+        if [ ${QUIET} -eq 0 ]; then
+            echo "Fixing $i";
+        fi
+        for x in ${XATTRS[*]}; do
+            setfattr -x $x $i
+        done
     done
 done