From: Ján Tomko Date: Fri, 13 May 2016 14:16:55 +0000 (+0200) Subject: security: label the slic_table X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5da23bbedf66a028b6bff6bcd5f3f453b4bbb3a9;p=libvirt.git security: label the slic_table Add support for the slic_table to the security drivers. --- diff --git a/src/security/security_dac.c b/src/security/security_dac.c index df3ed4793b..442ce70d17 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1218,6 +1218,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, def->os.dtb, user, group) < 0) return -1; + if (def->os.slic_table && + virSecurityDACSetOwnership(priv, NULL, + def->os.slic_table, user, group) < 0) + return -1; + return 0; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index b33d54a81d..aa61767e96 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2444,6 +2444,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, data->content_context) < 0) return -1; + if (def->os.slic_table && + virSecuritySELinuxSetFilecon(mgr, def->os.slic_table, + data->content_context) < 0) + return -1; + if (stdin_path && virSecuritySELinuxSetFilecon(mgr, stdin_path, data->content_context) < 0) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 537e89d8c0..691bbdf63a 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -993,6 +993,10 @@ get_files(vahControl * ctl) if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0) goto cleanup; + if (ctl->def->os.slic_table) + if (vah_add_file(&buf, ctl->def->os.slic_table, "r") != 0) + goto cleanup; + if (ctl->def->os.loader && ctl->def->os.loader->path) if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0) goto cleanup;