From: Michal Privoznik
To: devel@lists.libvirt.org
Subject: [PATCH] security: Don't stop restoring labels too early
Date: Tue, 11 Mar 2025 13:56:44 +0100
Message-ID: <11bfb7ad87f0cb65eae58f036ef9aaf35be1e251.1741697686.git.mprivozn@redhat.com>

The point of virSecurityManagerRestoreAllLabel() function is to
restore ALL labels and be tolerant to possible errors, i.e.
continue restoring seclabels and NOT return early. Well, in two
implementations of this internal API this type of problem was
found:

1) virSecurityDACRestoreAllLabel() returned early if
   virSecurityDACRestoreGraphicsLabel() failed, or when
   def->sec->sectype equals to an impossible value.

2) virSecuritySELinuxRestoreAllLabel() returned early if
   virSecuritySELinuxRestoreMemoryLabel() failed.

Fix all three places.

Signed-off-by: Michal Privoznik Reviewed-by: Peter Krempa --- Inspired by this Peter's patch: https://marc.info/?l=3Dlibvir-list&m=3D174169408218982&w=3D2 src/security/security_dac.c | 4 ++-- src/security/security_selinux.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index e07977300f..3ecbc7277d 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1973,7 +1973,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, =20 for (i =3D 0; i < def->ngraphics; i++) { if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i])= < 0) - return -1; + rc =3D -1; } =20 for (i =3D 0; i < def->ninputs; i++) { @@ -2021,7 +2021,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sec= type); - return -1; + rc =3D -1; } } =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 38e611f567..64e7f41ce0 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2969,7 +2969,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager = *mgr, =20 for (i =3D 0; i < def->nmems; i++) { if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) <= 0) - return -1; + rc =3D -1; } =20 for (i =3D 0; i < def->ntpms; i++) { --=20 2.48.1
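
Review bot: in the first security_dac.c hunk (the def->ngraphics loop), the new rc = -1; only has the intended effect if rc is declared with an initial value of 0 and is what virSecurityDACRestoreAllLabel() returns at the end, and neither the declaration nor the final return appears in the visible context. Please confirm both, or say in the commit message that rc already exists and is returned.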
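
Review bot: in the second security_dac.c hunk, the VIR_DOMAIN_LAUNCH_SECURITY_NONE / VIR_DOMAIN_LAUNCH_SECURITY_LAST case used to end in return -1; and now ends in rc = -1; with no break before the closing brace that follows. It is the last case shown, so nothing falls through today, but adding break; after rc = -1; keeps that true if another case is ever appended below it.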
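
Review bot: in the security_selinux.c hunk (the def->nmems loop), nothing in the code says that continuing after a failed virSecuritySELinuxRestoreMemoryLabel() is deliberate; the rationale lives only in the commit message. A one-line comment at the loop, or at the top of virSecuritySELinuxRestoreAllLabel(), stating that restore failures are recorded in rc and must not return early would help keep the early return from being reintroduced.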