From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/3] selinux: Don't remember label for restore path
Date: Fri, 3 Apr 2020 17:58:01 +0200
Message-Id: <81ddd7a4c7d67940481e9fbd393f94d41df06506.1585929444.git.mprivozn@redhat.com>
List-Id: Development discussions about the libvirt library & tools

The seclabel for @stdin_path in virSecuritySELinuxSetAllLabel() is not restored, because at virSecuritySELinuxRestoreAllLabel() phase it's too late and the caller (QEMU driver) simply doesn't care. Well, don't remember the label and let the perms leak.

Signed-off-by: Michal Privoznik

--- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 8aeb6e45a5..f47bfbdba9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3233,7 +3233,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr m= gr, =20 if (stdin_path && virSecuritySELinuxSetFilecon(mgr, stdin_path, - data->content_context, true) < 0) + data->content_context, false) < 0) return -1; =20 return 0; --=20 2.24.1
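
Review bot: the bare `false` passed to `virSecuritySELinuxSetFilecon(mgr, stdin_path, ...)` needs a code comment, because nothing at the call site says why this one path is deliberately not remembered. A short note above the `if (stdin_path &&` line, repeating the commit message's reasoning (the label is not restored in virSecuritySELinuxRestoreAllLabel(), so there is no point remembering it), would keep a later cleanup from flipping it back to `true`. The commit message's "let the perms leak" also deserves one more sentence on the consequence: the file at stdin_path stays labelled with data->content_context after the domain has started, so state whether the caller is expected to relabel or remove it, or why leaving it that way is acceptable.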