From nobody Tue Apr 30 02:16:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1578398186; cv=none; d=zohomail.com; s=zohoarc; b=NuGX7ft55PO6LDRyQ5r2AItNFy+DZBFu14Ok3uOzH0mjLcS+nj9usxMWI4o3u7cI/YN3t6XB44bxuwqrTtOPg4YWsgF1cCb/4ED61tGHQAui5LoP4nbt0sapl9IB83C8SdeKtb6LtBn5UlzPP9cWbB5Ngm1AUKezzL7M1n8rw7Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1578398186; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=X7P/hNXAkvVYqqPvo+dzlR/0ihEi5d/8tVpn/OtNt0U=; b=geaJu3H5VE4b6779bwn6Ue7TDO3me8PJYLKo29cDUv96GqYBbepsYFZFMN3b2uu7+tcn47FtvrMOf/nqbAFWTygz3m+VKLssqNa/wtMrrq4dxkahPZW63NSpFIGbeqUkcxr1OJyakrxCkw+CzG0UbjOsq+jS5j/1kPxuTgWYIkY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) by mx.zohomail.com with SMTPS id 1578398186230610.5544155704009; Tue, 7 Jan 2020 03:56:26 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-115-0BkG3uJiM2efkOJopPiX5Q-1; Tue, 07 Jan 2020 06:56:23 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BDDF11800D4E; Tue, 7 Jan 2020 11:56:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8EE5F1001901; Tue, 7 Jan 2020 11:56:17 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4D41A18089CD; Tue, 7 Jan 2020 11:56:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 007BsRbw019851 for ; Tue, 7 Jan 2020 06:54:28 -0500 Received: by smtp.corp.redhat.com (Postfix) id D4CB62166B29; Tue, 7 Jan 2020 11:54:27 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CF8DC2166B2B for ; Tue, 7 Jan 2020 11:54:25 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 57543801E84 for ; Tue, 7 Jan 2020 11:54:25 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-77-IulVHSY0PXSiyAyj_c4GCg-1; Tue, 07 Jan 2020 06:54:23 -0500 Received: by mail-wm1-f66.google.com with SMTP id f129so19084456wmf.2 for ; Tue, 07 Jan 2020 03:54:22 -0800 (PST) Received: from brutus.lan (brutus.defensec.nl. [2001:985:d55d::438]) by smtp.gmail.com with ESMTPSA id u7sm26409335wmj.3.2020.01.07.03.54.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2020 03:54:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1578398184; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=X7P/hNXAkvVYqqPvo+dzlR/0ihEi5d/8tVpn/OtNt0U=; b=US2c//MUugQqx5K3LPghDzhexhHzjO9QvWuxf9z32hBHqiZdVTk8NaSE6AHmUXBtRi8KgX J6xoWAXGksdU2cNRZx6Q++YWszQAFpgGqmhPGSJdxrGcCJxxx1LZ9g1mQXMPJOsuAgsJbl lajdGY8kGiLUVkX8AeCHlRLDmDEFYM8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=U2es7PUEhhhwwnsWXd/MFERFlmI+yZwJgunevLb42mg=; b=H8I5WPcXyuydx4DOqUlUVqckAQi78BH5m5l0tSUovNrJiIR2xX7v0AVHRUwNOcoqco 3KnqxwDQmLuG3wwKdfasUK6KzEDhtlgIDZT7JKz7TW26POuQk6VjtPRzhj97RG5lk4VJ MR4sf49eOeJJbqwC679MCgukiGFJ+78yPUJXpb0hH1a+DUt4munKqL1wRibo6bhJvvEl NIAARalJBUDTJBPyyAkyZxq1yHxE446fz3tYVUrQF97vRAF18PIhOAV4Mv51ADD4da7W wG6OOefXi4f6BSa4QmXqe2bawsa6fqSpkC3ztkM6AzcUGKlVsb/YnZzLzxRz70PMF6hP g4Aw== X-Gm-Message-State: APjAAAVCQXKYABNZmqtcD4bSAvaO+Js6HQ2G/imbO/nVosb4NEf3cloH 9dzoBgRPiVNshKem4jPSsUI1ladm X-Google-Smtp-Source: APXvYqyFWUyjGZvMO7ax3Rm87uDLZz9/VB2tZs0s50QiBqLWkrSTUlhLqjlojizhQ3WHTw8aRiiHvg== X-Received: by 2002:a7b:c407:: with SMTP id k7mr40680061wmi.46.1578398061791; Tue, 07 Jan 2020 03:54:21 -0800 (PST) From: Dominick Grift To: libvirt-list@redhat.com Date: Tue, 7 Jan 2020 12:54:02 +0100 Message-Id: <20200107115402.1427010-1-dac.override@gmail.com> MIME-Version: 1.0 X-MC-Unique: IulVHSY0PXSiyAyj_c4GCg-1 X-MC-Unique: 0BkG3uJiM2efkOJopPiX5Q-1 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 007BsRbw019851 X-loop: libvir-list@redhat.com X-Mailman-Approved-At: Tue, 07 Jan 2020 06:56:16 -0500 Cc: Dominick Grift Subject: [libvirt] [PATCH] virSecuritySELinuxSetTapFDLabel: Use fd_path instead of /dev/tap* to get context X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" /dev/tap* is an invalid path but it works with lacks policy. Make it work w= ith more accurate policy as well Signed-off-by: Dominick Grift --- src/security/security_selinux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 32dc78d777..8c698966cb 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3251,7 +3251,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr= mgr, goto cleanup; } =20 - /* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */ + /* Label /dev/tap([0-9]+)? devices only. Leave /dev/net/tun alone! */ proc =3D g_strdup_printf("/proc/self/fd/%d", fd); =20 if (virFileResolveLink(proc, &fd_path) < 0) { @@ -3267,7 +3267,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr= mgr, goto cleanup; } =20 - if (getContext(mgr, "/dev/tap*", buf.st_mode, &fcon) < 0) { + if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot lookup default selinux label for tap fd %= d"), fd); goto cleanup; --=20 2.24.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list