From 26705e02c1621763256a9137920616c13c72d6dc Mon Sep 17 00:00:00 2001 From: Olivia Yin Date: Thu, 14 Mar 2013 12:49:44 +0800 Subject: [PATCH] selinux: deal with dtb file --- src/security/security_dac.c | 8 ++++++++ src/security/security_selinux.c | 8 ++++++++ src/security/virt-aa-helper.c | 4 ++++ 3 files changed, 20 insertions(+) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 0b274b7b5..35b90da03 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -760,6 +760,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr, virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0) rc = -1; + if (def->os.dtb && + virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0) + rc = -1; + return rc; } @@ -822,6 +826,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, virSecurityDACSetOwnership(def->os.initrd, user, group) < 0) return -1; + if (def->os.dtb && + virSecurityDACSetOwnership(def->os.dtb, user, group) < 0) + return -1; + return 0; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index e77554401..1e0063758 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1765,6 +1765,10 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr, virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0) rc = -1; + if (def->os.dtb && + virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0) + rc = -1; + return rc; } @@ -2161,6 +2165,10 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0) return -1; + if (def->os.dtb && + virSecuritySELinuxSetFilecon(def->os.dtb, data->content_context) < 0) + return -1; + if (stdin_path) { if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 && virStorageFileIsSharedFSType(stdin_path, diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index c1a3ec9b0..f764f772a 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -993,6 +993,10 @@ get_files(vahControl * ctl) if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0) goto clean; + if (ctl->def->os.dtb) + if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0) + goto clean; + if (ctl->def->os.loader && ctl->def->os.loader) if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0) goto clean; -- 2.39.5