From: Michal Privoznik Date: Tue, 1 Oct 2019 08:30:05 +0000 (+0200) Subject: security: Try to lock only paths with remember == true X-Git-Tag: v5.9.0-rc1~311 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a84a1ced16c168a8a6e1d44dde2b4b007ac5fe9;p=thirdparty%2Flibvirt.git security: Try to lock only paths with remember == true So far all items on the chown/setfilecon list have the same .remember value. But this will change shortly. Therefore, don't try to lock paths which we won't manipulate XATTRs for. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson
---
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4b4afef18a..5df50bdcf5 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -232,9 +232,11 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
 return -1;
 for (i = 0; i < list->nItems; i++) {
- const char *p = list->items[i]->path;
+ virSecurityDACChownItemPtr item = list->items[i];
+ const char *p = item->path;
- VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
+ if (item->remember)
+ VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
 }
 if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e879fa39ab..e3be724a2b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -266,9 +266,11 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
 return -1;
 for (i = 0; i < list->nItems; i++) {
- const char *p = list->items[i]->path;
+ virSecuritySELinuxContextItemPtr item = list->items[i];
+ const char *p = item->path;
- VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
+ if (item->remember)
+ VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
 }
 if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
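Review bot: The new `if (item->remember)` filter in virSecurityDACTransactionRun decides which paths get the metadata lock, but the code that reads and writes the XATTRs runs later in the function, outside this hunk. Nothing here ties the two conditions together, so a later change that touches XATTRs for an item with remember == false would do so unlocked and could race with another process. The loop in virSecuritySELinuxTransactionRun has the same gap. I would add a comment above the `if` in both places, e.g. `/* Lock only paths whose XATTRs we will touch; keep in sync with the remember check used when the item is applied. */`. It is also worth confirming that virSecurityManagerMetadataLock accepts npaths == 0, which presumably becomes reachable once a list can hold only remember == false items; its body is not visible in this patch.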