Fix various test portability problems

[libvirt] [PATCH 3/4] security: avoid use of dirent d_type field

Posted by Daniel P. Berrangé 6 years, 10 months ago

The d_type field cannot be assumed to be filled. Some filesystems, such
as older XFS, will simply report DT_UNKNOWN.

Even if the d_type is filled in, the use of it in the SELinux functions
is dubious. If labelling all files in a directory there's no reason to
skip things which are not regular files. We merely need to skip "." and
"..", which is done by virDirRead() already.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/security/security_selinux.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 2fceb547b4..3611bb8ebe 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3282,9 +3282,6 @@ virSecuritySELinuxSetFileLabels(virSecurityManagerPtr mgr,
         return -1;
 
     while ((ret = virDirRead(dir, &ent, path)) > 0) {
-        if (ent->d_type != DT_REG)
-            continue;
-
         if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
             ret = -1;
             break;
@@ -3334,7 +3331,8 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManagerPtr mgr,
         return -1;
 
     while ((ret = virDirRead(dir, &ent, path)) > 0) {
-        if (ent->d_type != DT_REG)
+        if (STREQ(ent->d_name, ".") ||
+            STREQ(ent->d_name, ".."))
             continue;
 
         if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
-- 
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] security: avoid use of dirent d_type field

Posted by Michal Privoznik 6 years, 10 months ago

On 4/2/19 2:40 PM, Daniel P. Berrangé wrote:
> The d_type field cannot be assumed to be filled. Some filesystems, such
> as older XFS, will simply report DT_UNKNOWN.
> 
> Even if the d_type is filled in, the use of it in the SELinux functions
> is dubious. If labelling all files in a directory there's no reason to
> skip things which are not regular files. We merely need to skip "." and
> "..", which is done by virDirRead() already.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   src/security/security_selinux.c | 6 ++----
>   1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 2fceb547b4..3611bb8ebe 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -3282,9 +3282,6 @@ virSecuritySELinuxSetFileLabels(virSecurityManagerPtr mgr,
>           return -1;
>   
>       while ((ret = virDirRead(dir, &ent, path)) > 0) {
> -        if (ent->d_type != DT_REG)
> -            continue;
> -
>           if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
>               ret = -1;
>               break;
> @@ -3334,7 +3331,8 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManagerPtr mgr,
>           return -1;
>   
>       while ((ret = virDirRead(dir, &ent, path)) > 0) {
> -        if (ent->d_type != DT_REG)
> +        if (STREQ(ent->d_name, ".") ||
> +            STREQ(ent->d_name, "..")) >               continue;

I believe you wanted to remove this hunk instead of changing it, right? 
"." and ".." are skipped by virDirRead() already.

>   
>           if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
> 

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/4] security: avoid use of dirent d_type field

Posted by Daniel P. Berrangé 6 years, 10 months ago

On Tue, Apr 02, 2019 at 03:27:47PM +0200, Michal Privoznik wrote:
> On 4/2/19 2:40 PM, Daniel P. Berrangé wrote:
> > The d_type field cannot be assumed to be filled. Some filesystems, such
> > as older XFS, will simply report DT_UNKNOWN.
> > 
> > Even if the d_type is filled in, the use of it in the SELinux functions
> > is dubious. If labelling all files in a directory there's no reason to
> > skip things which are not regular files. We merely need to skip "." and
> > "..", which is done by virDirRead() already.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >   src/security/security_selinux.c | 6 ++----
> >   1 file changed, 2 insertions(+), 4 deletions(-)
> > 
> > diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> > index 2fceb547b4..3611bb8ebe 100644
> > --- a/src/security/security_selinux.c
> > +++ b/src/security/security_selinux.c
> > @@ -3282,9 +3282,6 @@ virSecuritySELinuxSetFileLabels(virSecurityManagerPtr mgr,
> >           return -1;
> >       while ((ret = virDirRead(dir, &ent, path)) > 0) {
> > -        if (ent->d_type != DT_REG)
> > -            continue;
> > -
> >           if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
> >               ret = -1;
> >               break;
> > @@ -3334,7 +3331,8 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManagerPtr mgr,
> >           return -1;
> >       while ((ret = virDirRead(dir, &ent, path)) > 0) {
> > -        if (ent->d_type != DT_REG)
> > +        if (STREQ(ent->d_name, ".") ||
> > +            STREQ(ent->d_name, "..")) >               continue;
> 
> I believe you wanted to remove this hunk instead of changing it, right? "."
> and ".." are skipped by virDirRead() already.

Yes, I forgot to commit the change before sending.

> 
> >           if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list