From: Peter Krempa Date: Wed, 2 Dec 2020 09:24:21 +0000 (+0100) Subject: libvirt_recover_xattrs: Use only the correct xattr prefix X-Git-Tag: v7.0.0-rc1~307 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5377177f80da40ee7d47601400b50835f093715a;p=thirdparty%2Flibvirt.git libvirt_recover_xattrs: Use only the correct xattr prefix Linux and FreeBSD have different prefix. In the current state we've tried to reset the labels for both systems which resulted in errors like this: Fixing /tmp/bitmaps2.qcow2 setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported The 6 failed 'setfattrs' correspond to the wrong prefix. Select the correct prefix based on the kernel name and modify the code appropriately. Signed-off-by: Peter Krempa Reviewed-by: Michal Privoznik --- diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh index cb98497732..b7a8c05cf4 100755 --- a/tools/libvirt_recover_xattrs.sh +++ b/tools/libvirt_recover_xattrs.sh @@ -29,11 +29,6 @@ DIR="/" URI=("qemu:///system" "lxc:///system") -# On Linux we use 'trusted' namespace, on FreeBSD we use 'system' -# as there is no 'trusted'. -LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security" - "system.libvirt.security") - if [ $(whoami) != "root" ]; then die "Must be run as root" fi @@ -62,6 +57,21 @@ if [ $# -gt 0 ]; then DIR=$1 fi +case $(uname -s) in + Linux) + XATTR_PREFIX="trusted.libvirt.security" + ;; + + FreeBSD) + XATTR_PREFIX="system.libvirt.security" + ;; + + *) + die "$0 is not supported on this platform" + ;; +esac + + if [ ${DRY_RUN} -eq 0 ]; then for u in ${URI[*]} ; do if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then 
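Review bot: The new `case $(uname -s) in` block that sets `XATTR_PREFIX` carries no comment explaining why the namespace differs per platform, and the explanation that sat above `LIBVIRT_XATTR_PREFIXES` is deleted by the first hunk. I would carry it over directly above the `case`: `# Linux keeps the labels in the 'trusted' namespace; FreeBSD has no 'trusted', so 'system' is used.` The `*)` arm could also print the detected kernel name, e.g. `die "$0 is not supported on $(uname -s)"`, so that a failure on an unexpected platform is easier to diagnose from logs.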
@@ -73,24 +83,20 @@ fi declare -a XATTRS for i in "dac" "selinux"; do - for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do - XATTRS+=("$p.$i" "$p.ref_$i" "$p.timestamp_$i") - done + XATTRS+=("$XATTR_PREFIX.$i" "$XATTR_PREFIX.ref_$i" "$XATTR_PREFIX.timestamp_$i") done -for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do - for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do - echo $i; - if [ ${DRY_RUN} -ne 0 ]; then - getfattr -d -m $p --absolute-names $i | grep -v "^# file:" - continue - fi - if [ ${QUIET} -eq 0 ]; then - echo "Fixing $i"; - fi - for x in ${XATTRS[*]}; do - setfattr -x $x $i - done +for i in $(getfattr -R -d -m ${XATTR_PREFIX} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do + if [ ${DRY_RUN} -ne 0 ]; then + getfattr -d -m $p --absolute-names $i | grep -v "^# file:" + continue + fi + + if [ ${QUIET} -eq 0 ]; then + echo "Fixing $i"; + fi + for x in ${XATTRS[*]}; do + setfattr -x $x $i done done
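Review bot: The dry-run branch of the rewritten loop still runs `getfattr -d -m $p --absolute-names $i`, but `p` was the variable of the outer `for p in ${LIBVIRT_XATTR_PREFIXES[*]}` loop that this hunk removes. Unless `p` is set elsewhere in the script, it now expands to nothing and `-m` presumably consumes `--absolute-names` as its pattern. The dry run is what an administrator relies on to preview which security-label xattrs a root-run script will strip, so it should use the same selector as the real run: `getfattr -d -m "${XATTR_PREFIX}" --absolute-names "$i" | grep -v "^# file:"`. The same loop iterates over an unquoted `$(getfattr … | cut -d':' -f 2)`, so a path containing whitespace, glob characters or a colon is split or truncated before `setfattr -x $x $i` sees it. Reading the list line by line and quoting `"$x"` and `"$i"` would keep the removal on the intended files.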