From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 26 Sep 2019 18:12:27 +0200
Message-Id: <4f71d26b400cc9910910012e11cde8c2a65ac9b6.1569514291.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 31/39] security_selinux: Simplify virSecuritySELinuxSetImageLabelInternal

This function calls virSecuritySELinuxSetFilecon() or virSecuritySELinuxSetFileconOptional() from a lot of places. It works, because in all places we're passing src->path which is what we wanted. But not anymore. We will want to be able to pass a different path and thus the function must be reworked a bit.

Signed-off-by: Michal Privoznik
ACKed-by: Peter Krempa
--- src/security/security_selinux.c | 34 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index e879fa39ab..3a00666d26 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1823,7 +1823,9 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, virSecurityDeviceLabelDefPtr disk_seclabel; virSecurityDeviceLabelDefPtr parent_seclabel =3D NULL; bool remember; - int ret; + const char *path =3D src->path; + const char *tcon =3D NULL; + int ret =3D -1; =20 if (!src->path || !virStorageSourceIsLocalStorage(src)) return 0; @@ -1856,40 +1858,28 @@ virSecuritySELinuxSetImageLabelInternal(virSecurity= ManagerPtr mgr, if (!disk_seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, - disk_seclabel->label, remember); + tcon =3D disk_seclabel->label; } else if (parent_seclabel && (!parent_seclabel->relabel || parent_sec= label->label)) { if (!parent_seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, - parent_seclabel->label, remembe= r); + tcon =3D parent_seclabel->label; } else if (!parent || parent =3D=3D src) { if (src->shared) { - ret =3D virSecuritySELinuxSetFilecon(mgr, - src->path, - data->file_context, - remember); + tcon =3D data->file_context; } else if (src->readonly) { - ret =3D virSecuritySELinuxSetFilecon(mgr, - src->path, - data->content_context, - remember); + tcon =3D data->content_context; } else if (secdef->imagelabel) { - ret =3D virSecuritySELinuxSetFilecon(mgr, - src->path, - secdef->imagelabel, - remember); + tcon =3D secdef->imagelabel; } else { - ret =3D 0; + return 0; } } else { - ret =3D virSecuritySELinuxSetFilecon(mgr, - src->path, - data->content_context, - remember); + tcon =3D data->content_context; } =20 + ret =3D virSecuritySELinuxSetFilecon(mgr, path, tcon, remember); + if (ret =3D=3D 1 && !disk_seclabel) { /* If we failed to set a label, but virt_use_nfs let us * proceed anyway, then we don't need to relabel later. */ --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
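Review bot: in the first hunk (@@ -1823), the new local `path` is initialised from `src->path`, but the guard directly below still reads `if (!src->path || !virStorageSourceIsLocalStorage(src))`. Since the commit message says a different path will be passed later, a short comment on `path` stating which checks apply to it and which to `src->path` would keep a follow-up change from relabelling a path this guard never examined. The `= -1` initialiser on `ret` is also never read in the visible lines, because every path either returns early or assigns `ret` from the single virSecuritySELinuxSetFilecon() call; drop it, or say it is a defensive default.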
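Review bot: in the second hunk (@@ -1856), the innermost `else` changes from `ret = 0;` to `return 0;`, so that case no longer reaches the `if (ret == 1 && !disk_seclabel)` block or anything after it. That block does nothing for `ret == 0`, but the remainder of the function is outside the hunk, so please confirm nothing later has to run for the case with no label to apply, or keep `ret = 0` and skip the call when `tcon` is NULL. Separately, the commit message mentions virSecuritySELinuxSetFileconOptional(), while every removed call in this hunk is virSecuritySELinuxSetFilecon(); the message should either drop the Optional variant or say where it is called.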