git.ipfire.org Git - thirdparty/libvirt.git/commit
Fix parsing of SELinux ranges without a category
author Daniel P. Berrange <berrange@redhat.com>
Wed, 13 Mar 2013 17:58:26 +0000 (17:58 +0000)
committer Cole Robinson <crobinso@redhat.com>
Mon, 1 Apr 2013 14:41:04 +0000 (10:41 -0400)
commit 6f290666dc8f16830b06783126cbefd3849d0a41
tree d92768abdb158eb85f930624cab57817c72d22f1
parent afb32d4a2b43d21e5207370aa3a59bfbded1ab73
Normally libvirtd should run with a SELinux label

  system_u:system_r:virtd_t:s0-s0:c0.c1023

If a user manually runs libvirtd though, it is sometimes
possible to get into a situation where it is running

  system_u:system_r:init_t:s0

The SELinux security driver isn't expecting this and can't
parse the security label since it lacks the ':c0.c1023' part
causing it to complain

  internal error Cannot parse sensitivity level in s0

This updates the parser to cope with this, so if no category
is present, libvirtd will hardcode the equivalent of c0.c1023.

Now this won't work if SELinux is in Enforcing mode, but that's
not an issue, because the user can only get into this problem
if in Permissive mode. This means they can now start VMs in
Permissive mode without hitting that parsing error

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1732c1c62997b9f5ce39e5eb4d1ef2f842af73e1)

Conflicts:
src/security/security_selinux.c
src/security/security_selinux.c
tests/securityselinuxtest.c
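
The fallback described in the commit message, sketched as an added example; this is not libvirt's code and not part of this commit. The names `parse_label`, `parse_cat` and `struct mcs_range` are hypothetical, and the parser accepts only a single contiguous category range (`cN` or `cN.cM`), the form that appears in the labels above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type for this example, not a libvirt structure. */
struct mcs_range { char sens[64]; int cat_min, cat_max; };

/* Parse one "cN" term; returns N (0..1023) or -1 if malformed. */
static int parse_cat(const char *s, char **end)
{
    long v;
    if (s[0] != 'c' || !isdigit((unsigned char)s[1])) return -1;
    v = strtol(s + 1, end, 10);
    return v > 1023 ? -1 : (int)v;
}

/* Parse "user:role:type:range"; returns 0 on success, -1 if malformed. */
int parse_label(const char *ctx, struct mcs_range *out)
{
    char buf[64], *cat, *dash, *end;
    const char *p = ctx;
    for (int i = 0; i < 3; i++) {                  /* skip user, role, type */
        if (!(p = strchr(p, ':'))) return -1;
        p++;
    }
    if (strlen(p) >= sizeof(buf)) return -1;
    strcpy(buf, p);
    if ((cat = strchr(buf, ':'))) *cat++ = '\0';   /* split off categories */
    if ((dash = strchr(buf, '-'))) *dash = '\0';   /* keep lower sensitivity */
    if (buf[0] != 's' || !isdigit((unsigned char)buf[1])) return -1;
    strcpy(out->sens, buf);                        /* fits: both are 64 bytes */
    out->cat_min = 0;                              /* no category part, e.g. */
    out->cat_max = 1023;                           /* "s0": assume c0.c1023  */
    if (!cat) return 0;
    if ((out->cat_min = parse_cat(cat, &end)) < 0) return -1;
    out->cat_max = out->cat_min;                   /* single category "cN" */
    if (*end == '\0') return 0;
    if (*end != '.' || (out->cat_max = parse_cat(end + 1, &end)) < out->cat_min)
        return -1;
    return *end == '\0' ? 0 : -1;
}

int main(void)
{
    struct mcs_range r;
    if (parse_label("system_u:system_r:init_t:s0", &r) == 0)
        printf("%s c%d.c%d\n", r.sens, r.cat_min, r.cat_max);
    return 0;
}
```
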