From nobody Sat May 4 21:23:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1578406975; cv=none; d=zohomail.com; s=zohoarc; b=L7m9BvKMVSuqYPvvQQUffcHEzRoJpG1IGt0M/cNXKC0Sa3nCM4ltK7hWRkgc19DtqI0vpRMqempOJAow0eE4Hu+A2PH6wD5KieFRg9MpP8UM4SmE7mkK6eVw+NRYML7E94I9pSO1cL8llejznPkBghq7euoI6WhU1qTKUwGFEO4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1578406975; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=CSAOplSrYO/GSzU6WYEFGHm/TuBUfEURqwQJALyj66k=; b=CR8vVZlaDBFAZiv1gaZeJI0J/uVfmAyttsOMPnMLKqmGGUotrOONGkMJz2ELo2/UbaXbZlrvTr5ZplBBBd08G4XUajPwhc2kR7ltS5nCXGGCfjITw0OCzu6sVN9Z0OiabxRKCzv2lbMZf3XI55hkmsgyE0ObPKnEAI3cs3bv0Do= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) by mx.zohomail.com with SMTPS id 1578406975614217.0840719895226; Tue, 7 Jan 2020 06:22:55 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-227-m6NpoceOMsahOAz7e5SJKA-1; Tue, 07 Jan 2020 09:22:52 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6C7FF1800D4E; Tue, 7 Jan 2020 14:22:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 072065D9CA; Tue, 7 Jan 2020 14:22:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3F99B81C66; Tue, 7 Jan 2020 14:22:44 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 007EMgk0030447 for ; Tue, 7 Jan 2020 09:22:43 -0500 Received: by smtp.corp.redhat.com (Postfix) id D31391005E38; Tue, 7 Jan 2020 14:22:42 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CC5A01005E37 for ; Tue, 7 Jan 2020 14:22:41 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1147A8D772D for ; Tue, 7 Jan 2020 14:22:41 +0000 (UTC) Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-270-tBY10Ot3M0aDYmABtU0ndg-1; Tue, 07 Jan 2020 09:22:39 -0500 Received: by mail-wr1-f66.google.com with SMTP id y11so54133667wrt.6 for ; Tue, 07 Jan 2020 06:22:38 -0800 (PST) Received: from brutus.lan (brutus.defensec.nl. [2001:985:d55d::438]) by smtp.gmail.com with ESMTPSA id s16sm77105530wrn.78.2020.01.07.06.22.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2020 06:22:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1578406974; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=CSAOplSrYO/GSzU6WYEFGHm/TuBUfEURqwQJALyj66k=; b=jMLGi9yAdZwgU74PLxa/fripCTtbp2nHJEhnr0tlMBOLKXYtTwU/t/gSp4AiYqYUInXNow rbw7upe/Cw6mOHGwzGPhjI6ez9nF7+09Q3pxNaJMUDuiwjosIPkE0/GGl3M/HSr0Rf9d33 luXYRm+pmU5k/WX2GuOThDRCXpbd0nM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=53igfxbYsq3zhyjb8/kn4aV5TTsRzK6OnHIfWhVlHDc=; b=dk+7Zgn8Q0QbyQb0z5sZNK2EdXWB3CVZ5ZQM/4pLGuA9MbBez5NeZ9tdo5NZmXozPO uYWGMTgXTDke1E75UeQKPTn8qVi3iE9NPkrta6uoUZB/QE6nR7pgjUT7lqbByrWISfZr H2LVoNjWXlJXKLouJQ7vROz3q2ZYae+KF35AVQ455c26NM28kbWeAbAICeyEh08kWcO8 AaXFs2qYiKfar4jEcVMebN1RudkZr0gbXq+2YdblyEJktrKMFeQ8M+hu/6hcdCvNpzob sWS7iMzM3sTb+LtYK4lPn4kw6w7J72EVQGMAt4JPFCjKbBInwGwJBoJ3upznT6ubsXXy ftUA== X-Gm-Message-State: APjAAAWPgegwlKeBVhHTpzDLc2SmmpAcG3FE7ZjGMAQYNAWT1tOPCDgE 8ZNSgf7WiY2K98goHbLexK79VCj1 X-Google-Smtp-Source: APXvYqwzWHqdn7DL09yk0dzE0ZdMa1SV3z83TgvUWTTmw3jFqmWlJMAM8su8LZrkKcy2p8H/p5mHdQ== X-Received: by 2002:a5d:4fd0:: with SMTP id h16mr104824414wrw.255.1578406957774; Tue, 07 Jan 2020 06:22:37 -0800 (PST) From: Dominick Grift To: libvirt-list@redhat.com Date: Tue, 7 Jan 2020 15:22:30 +0100 Message-Id: <20200107142230.1482994-1-dac.override@gmail.com> MIME-Version: 1.0 X-MC-Unique: tBY10Ot3M0aDYmABtU0ndg-1 X-MC-Unique: m6NpoceOMsahOAz7e5SJKA-1 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 007EMgk0030447 X-loop: libvir-list@redhat.com Cc: Dominick Grift Subject: [libvirt] [PATCH v1] virSecuritySELinuxSetTapFDLabel: Use fd_path instead of /dev/tap* to get context X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" /dev/tap* is an invalid path but it works with lax policy. Make it work wit= h more accurate policy as well v1: fix typo in description Signed-off-by: Dominick Grift Reviewed-by: Daniel P. Berrang=C3=A9 --- src/security/security_selinux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 32dc78d777..8c698966cb 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3251,7 +3251,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr= mgr, goto cleanup; } =20 - /* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */ + /* Label /dev/tap([0-9]+)? devices only. Leave /dev/net/tun alone! */ proc =3D g_strdup_printf("/proc/self/fd/%d", fd); =20 if (virFileResolveLink(proc, &fd_path) < 0) { @@ -3267,7 +3267,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr= mgr, goto cleanup; } =20 - if (getContext(mgr, "/dev/tap*", buf.st_mode, &fcon) < 0) { + if (getContext(mgr, fd_path, buf.st_mode, &fcon) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot lookup default selinux label for tap fd %= d"), fd); goto cleanup; --=20 2.24.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list