git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Michal Privoznik <mprivozn@redhat.com>
	Tue, 11 Mar 2025 12:49:21 +0000 (13:49 +0100)
committer	Michal Privoznik <mprivozn@redhat.com>
	Tue, 11 Mar 2025 14:05:41 +0000 (15:05 +0100)
commit	fc47a37a7a8630cb93afb26c0ca09def731ce16d
tree	133769fcb78ac29b12e4dc1e635941240e266160	tree \| snapshot
parent	63c0f15f098db40356a623b91c60458b7f0b0243	commit \| diff

security: Don't stop restoring labels too early

The point of virSecurityManagerRestoreAllLabel() function is to
restore ALL labels and be tolerant to possible errors, i.e.
continue restoring seclabels and NOT return early.

Well, in two implementations of this internal API this type of
problem was found:

1) virSecurityDACRestoreAllLabel() returned early if
   virSecurityDACRestoreGraphicsLabel() failed, or when
   def->sec->sectype equals to an impossible value.

2) virSecuritySELinuxRestoreAllLabel() returned early if
   virSecuritySELinuxRestoreMemoryLabel() failed.

Fix all three places.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

src/security/security_dac.c		diff \| blob \| blame \| history
src/security/security_selinux.c		diff \| blob \| blame \| history