1. Patchew
  2. Libvirt
  3. [libvirt] [PATCH v2 00/18] Implement original label remembering
  4. View patch

[libvirt] [PATCH v2 05/18] virSecurityDACTransactionRun: Implement rollback

Michal Privoznik posted 18 patches 7 years, 2 months ago
There is a newer version of this series
[libvirt] [PATCH v2 05/18] virSecurityDACTransactionRun: Implement rollback
Posted by Michal Privoznik 7 years, 2 months ago 
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_dac.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 8155c6d58a..82b16f96ee 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -229,7 +229,6 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
     for (i = 0; i < list->nItems; i++) {
         virSecurityDACChownItemPtr item = list->items[i];
 
-        /* TODO Implement rollback */
         if (!item->restore) {
             rv = virSecurityDACSetOwnership(list->manager,
                                             item->src,
@@ -246,6 +245,19 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
             break;
     }
 
+    for (; rv < 0 && i > 0; i--) {
+        virSecurityDACChownItemPtr item = list->items[i - 1];
+
+        if (!item->restore) {
+            virSecurityDACRestoreFileLabelInternal(list->manager,
+                                                   item->src,
+                                                   item->path);
+        } else {
+            VIR_WARN("Ignoring failed restore attempt on %s",
+                     NULLSTR(item->src ? item->src->path : item->path));
+        }
+    }
+
     if (list->lock)
         virSecurityManagerMetadataUnlock(list->manager, &state);
 
-- 
2.18.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 05/18] virSecurityDACTransactionRun: Implement rollback
Posted by Daniel P. Berrangé 7 years, 2 months ago 
On Thu, Nov 29, 2018 at 02:52:20PM +0100, Michal Privoznik wrote:
> When iterating over list of paths/disk sources to relabel it may
> happen that the process fails at some point. In that case, for
> the sake of keeping seclabel refcount (stored in XATTRs) in sync
> with reality we have to perform rollback. However, if that fails
> too the only thing we can do is warn user.
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/security/security_dac.c | 14 +++++++++++++-
>  1 file changed, 13 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.