git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Tue, 19 Nov 2013 17:45:59 +0000 (17:45 +0000)
committer	Daniel P. Berrange <berrange@redhat.com>
	Wed, 20 Nov 2013 13:09:00 +0000 (13:09 +0000)
commit	2b510e49039ef435ca1bddcfe84f1b577d5a1f40
tree	c4e9d1b42e207e71a3842465fcbabb5fd9b25420	tree
parent	caaeb691a317b68290b672088c1b7933ea231ab1	commit \| diff

Fix off-by-1 in default SELinux MCS range

For a while we're have random failures of 'securityselinuxtest'
which were not at all reproducible. Fortunately we finally
caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

TEST: securityselinuxtest
1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
FAILED
FAIL: securityselinuxtest

And sure enough we had an off-by-1 in the MCS range code when
the current process has no range set. The test suite randomly
allocates 2 categories from 0->1024 so the chances of hitting
this in the test suite were slim indeed :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>