From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 11 Sep 2014 08:04:35 +0000 (+0200)
Subject: selinux: Properly check TAP FD label
X-Git-Tag: CVE-2014-3633~108
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b635b7a1af0e64754016d758376f382470bc11e7;p=thirdparty%2Flibvirt.git

selinux: Properly check TAP FD label

After a4431931 the TAP FDs ale labeled with image label instead
of the process label. On the other hand, the commit was
incomplete as a few lines above, there's still old check for the
process label presence while it should be check for the image
label instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 7064158e33..bf67fb501f 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2347,7 +2347,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     virSecurityLabelDefPtr secdef;
 
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!secdef || !secdef->label)
+    if (!secdef || !secdef->imagelabel)
         return 0;
 
     return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);