]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4eda71a)
security: don't fail if built without attr support v6.4.0-rc1
authorChristian Ehrhardt <christian.ehrhardt@canonical.com>
Tue, 26 May 2020 07:33:38 +0000 (09:33 +0200)
committerChristian Ehrhardt <christian.ehrhardt@canonical.com>
Wed, 27 May 2020 09:22:50 +0000 (11:22 +0200)
If built without attr support removing any image will trigger
 qemuBlockRemoveImageMetadata (the one that emits the warning)
   -> qemuSecurityMoveImageMetadata
     -> virSecurityManagerMoveImageMetadata
       -> virSecurityDACMoveImageMetadata
         -> virSecurityDACMoveImageMetadataHelper
           -> virProcessRunInFork (spawns subprocess)
             -> virSecurityMoveRememberedLabel

In there due to !HAVE_LIBATTR virFileGetXAttrQuiet will return
ENOSYS and from there the chain will error out.

That is wrong and looks like:
  libvirtd[6320]: internal error: child reported (status=125):
  libvirtd[6320]: Unable to remove disk metadata on vm testguest from
  /var/lib/uvtool/libvirt/images/testguest.qcow (disk target vda)

This change makes virSecurityDACMoveImageMetadataHelper and
virSecuritySELinuxMoveImageMetadataHelper accept that
error code gracefully and in that sense it is an extension of:
5214b2f1a3f "security: Don't skip label restore on file systems lacking XATTRs"
which does the same for other call chains into the virFile*XAttr functions.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/security/security_dac.c patch | blob | blame | history
src/security/security_selinux.c patch | blob | blame | history

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index bdc2d7edf33dc339c0dc9e168de0112f27e1ea82..7b95a6f86d031de97b7d7aa0196ac2206d4cc2f2 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1117,6 +1117,12 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
 
     ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
     virSecurityManagerMetadataUnlock(data->mgr, &state);
+
+    if (ret == -2) {
+        /* Libvirt built without XATTRS */
+        ret = 0;
+    }
+
     return ret;
 }
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9a929debe116f881d2165705996ab5d71c4f5c55..7bb7c2b7b15f8f69d45a50101d2c52f9a43fe32a 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1975,6 +1975,12 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
 
     ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst);
     virSecurityManagerMetadataUnlock(data->mgr, &state);
+
+    if (ret == -2) {
+        /* Libvirt built without XATTRS */
+        ret = 0;
+    }
+
     return ret;
 }
 
Mirror of https://github.com/libvirt/libvirt.git