selinux: Use fd_path instead of /dev/tap* to get context

author Dominick Grift <dac.override@gmail.com>

Tue, 7 Jan 2020 14:22:30 +0000 (15:22 +0100)

committer Daniel P. Berrangé <berrange@redhat.com>

Tue, 7 Jan 2020 14:44:32 +0000 (14:44 +0000)
author Dominick Grift <dac.override@gmail.com>
Tue, 7 Jan 2020 14:22:30 +0000 (15:22 +0100)
committer Daniel P. Berrangé <berrange@redhat.com>
Tue, 7 Jan 2020 14:44:32 +0000 (14:44 +0000)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index 32dc78d777c0750b39cbdee463793441348bda60..8c698966cb9c440bd38b68eb991c5f5f7a42f0d7 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3251,7 +3251,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
          goto cleanup;
      }
  
-    /* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */
+    /* Label /dev/tap([0-9]+)? devices only. Leave /dev/net/tun alone! */
      proc = g_strdup_printf("/proc/self/fd/%d", fd);
  
      if (virFileResolveLink(proc, &fd_path) < 0) {
@@ -3267,7 +3267,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
          goto cleanup;
      }
  
-    if (getContext(mgr, "/dev/tap*", buf.st_mode, &fcon) < 0) {
+    if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) {
          virReportError(VIR_ERR_INTERNAL_ERROR,
                         _("cannot lookup default selinux label for tap fd %d"), fd);
          goto cleanup;
author	Dominick Grift <dac.override@gmail.com>
	Tue, 7 Jan 2020 14:22:30 +0000 (15:22 +0100)
committer	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 7 Jan 2020 14:44:32 +0000 (14:44 +0000)