From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/8] security_dac: Use g_autofree
Date: Thu, 17 Jun 2021 12:42:01 +0200
Message-Id: <2efab0526d50c7af524fa579eddcec46a0ba69ae.1623926317.git.mprivozn@redhat.com>

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 107 +++++++++++++++--------------------- 1 file changed, 43 insertions(+), 64 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 76bfce7762..956e57247a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -211,11 +211,10 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED, { virSecurityDACChownList *list =3D opaque; virSecurityManagerMetadataLockState *state; - const char **paths =3D NULL; + g_autofree const char **paths =3D NULL; size_t npaths =3D 0; size_t i; int rv =3D 0; - int ret =3D -1; =20 if (list->lock) { paths =3D g_new0(const char *, list->nItems); 
@@ -229,7 +228,7 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED, } =20 if (!(state =3D virSecurityManagerMetadataLock(list->manager, path= s, npaths))) - goto cleanup; + return -1; =20 for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItem *item =3D list->items[i]; @@ -287,12 +286,9 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED, virSecurityManagerMetadataUnlock(list->manager, &state); =20 if (rv < 0) - goto cleanup; + return -1; =20 - ret =3D 0; - cleanup: - VIR_FREE(paths); - return ret; + return 0; } =20 =20 @@ -438,14 +434,11 @@ virSecurityDACRememberLabel(virSecurityDACData *priv = G_GNUC_UNUSED, uid_t uid, gid_t gid) { - char *label =3D NULL; - int ret =3D -1; + g_autofree char *label =3D NULL; =20 label =3D g_strdup_printf("+%u:+%u", (unsigned int)uid, (unsigned int)= gid); =20 - ret =3D virSecuritySetRememberedLabel(SECURITY_DAC_NAME, path, label); - VIR_FREE(label); - return ret; + return virSecuritySetRememberedLabel(SECURITY_DAC_NAME, path, label); } =20 /** @@ -469,8 +462,7 @@ virSecurityDACRecallLabel(virSecurityDACData *priv G_GN= UC_UNUSED, uid_t *uid, gid_t *gid) { - char *label; - int ret =3D -1; + g_autofree char *label =3D NULL; int rv; =20 rv =3D virSecurityGetRememberedLabel(SECURITY_DAC_NAME, path, &label); @@ -481,12 +473,9 @@ virSecurityDACRecallLabel(virSecurityDACData *priv G_G= NUC_UNUSED, return 1; =20 if (virParseOwnershipIds(label, uid, gid) < 0) - goto cleanup; + return -1; =20 - ret =3D 0; - cleanup: - VIR_FREE(label); - return ret; + return 0; } =20 static virSecurityDriverStatus @@ -512,8 +501,8 @@ static int virSecurityDACClose(virSecurityManager *mgr) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); - VIR_FREE(priv->groups); - VIR_FREE(priv->baselabel); + g_clear_pointer(&priv->groups, g_free); + g_clear_pointer(&priv->baselabel, g_free); return 0; } =20 
@@ -536,7 +525,7 @@ virSecurityDACPreFork(virSecurityManager *mgr) virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); int ngroups; =20 - VIR_FREE(priv->groups); + g_clear_pointer(&priv->groups, g_free); priv->ngroups =3D 0; if ((ngroups =3D virGetGroupList(priv->user, priv->group, &priv->groups)) < 0) @@ -1500,8 +1489,8 @@ virSecurityDACSetChardevLabelHelper(virSecurityManage= r *mgr, virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *seclabel; virSecurityDeviceLabelDef *chr_seclabel =3D NULL; - char *in =3D NULL, *out =3D NULL; - int ret =3D -1; + g_autofree char *in =3D NULL; + g_autofree char *out =3D NULL; uid_t user; gid_t group; =20 @@ -1529,9 +1518,11 @@ virSecurityDACSetChardevLabelHelper(virSecurityManag= er *mgr, switch ((virDomainChrType)dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - ret =3D virSecurityDACSetOwnership(mgr, NULL, - dev_source->data.file.path, - user, group, remember); + if (virSecurityDACSetOwnership(mgr, NULL, + dev_source->data.file.path, + user, group, remember) < 0) { + return -1; + } break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1539,14 +1530,14 @@ virSecurityDACSetChardevLabelHelper(virSecurityMana= ger *mgr, out =3D g_strdup_printf("%s.out", dev_source->data.file.path); if (virFileExists(in) && virFileExists(out)) { if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, rem= ember) < 0 || - virSecurityDACSetOwnership(mgr, NULL, out, user, group, re= member) < 0) - goto done; + virSecurityDACSetOwnership(mgr, NULL, out, user, group, re= member) < 0) { + return -1; + } } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, user, group, remember) < 0) { - goto done; + return -1; } - ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_UNIX: 
@@ -1558,10 +1549,10 @@ virSecurityDACSetChardevLabelHelper(virSecurityMana= ger *mgr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group, remember) < 0) - goto done; + user, group, remember) < 0) { + return -1; + } } - ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_SPICEPORT: @@ -1574,14 +1565,10 @@ virSecurityDACSetChardevLabelHelper(virSecurityMana= ger *mgr, case VIR_DOMAIN_CHR_TYPE_SPICEVMC: case VIR_DOMAIN_CHR_TYPE_NMDM: case VIR_DOMAIN_CHR_TYPE_LAST: - ret =3D 0; break; } =20 - done: - VIR_FREE(in); - VIR_FREE(out); - return ret; + return 0; } =20 =20 @@ -1604,8 +1591,8 @@ virSecurityDACRestoreChardevLabelHelper(virSecurityMa= nager *mgr, bool recall) { virSecurityDeviceLabelDef *chr_seclabel =3D NULL; - char *in =3D NULL, *out =3D NULL; - int ret =3D -1; + g_autofree char *in =3D NULL; + g_autofree char *out =3D NULL; =20 chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, SECURITY_DAC_N= AME); @@ -1621,9 +1608,11 @@ virSecurityDACRestoreChardevLabelHelper(virSecurityM= anager *mgr, switch ((virDomainChrType)dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, - dev_source->data.file= .path, - recall); + if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data.file.p= ath, + recall) < 0) { + return -1; + } break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: 
@@ -1631,14 +1620,14 @@ virSecurityDACRestoreChardevLabelHelper(virSecurity= Manager *mgr, in =3D g_strdup_printf("%s.in", dev_source->data.file.path); if (virFileExists(in) && virFileExists(out)) { if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, out, rec= all) < 0 || - virSecurityDACRestoreFileLabelInternal(mgr, NULL, in, reca= ll) < 0) - goto done; + virSecurityDACRestoreFileLabelInternal(mgr, NULL, in, reca= ll) < 0) { + return -1; + } } else if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, dev_source->data= .file.path, recall) < 0) { - goto done; + return -1; } - ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_UNIX: @@ -1646,9 +1635,8 @@ virSecurityDACRestoreChardevLabelHelper(virSecurityMa= nager *mgr, virSecurityDACRestoreFileLabelInternal(mgr, NULL, dev_source->data.nix.pa= th, recall) < 0) { - goto done; + return -1; } - ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_NULL: @@ -1661,14 +1649,10 @@ virSecurityDACRestoreChardevLabelHelper(virSecurity= Manager *mgr, case VIR_DOMAIN_CHR_TYPE_SPICEPORT: case VIR_DOMAIN_CHR_TYPE_NMDM: case VIR_DOMAIN_CHR_TYPE_LAST: - ret =3D 0; break; } =20 - done: - VIR_FREE(in); - VIR_FREE(out); - return ret; + return 0; } =20 =20 @@ -2378,8 +2362,7 @@ virSecurityDACGetProcessLabelInternal(pid_t pid, virSecurityLabelPtr seclabel) { struct stat sb; - char *path =3D NULL; - int ret =3D -1; + g_autofree char *path =3D NULL; =20 VIR_DEBUG("Getting DAC user and group on process '%d'", pid); =20 
@@ -2389,16 +2372,12 @@ virSecurityDACGetProcessLabelInternal(pid_t pid, virReportSystemError(errno, _("unable to get uid and gid for PID %d via p= rocfs"), pid); - goto cleanup; + return -1; } =20 g_snprintf(seclabel->label, VIR_SECURITY_LABEL_BUFLEN, "+%u:+%u", (unsigned int)sb.st_uid, (unsigned int)sb.st_gid= ); - ret =3D 0; - - cleanup: - VIR_FREE(path); - return ret; + return 0; } #elif defined(__FreeBSD__) static int --=20 2.31.1
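Review bot: in virSecurityDACSetChardevLabelHelper() and virSecurityDACRestoreChardevLabelHelper(), the VIR_DOMAIN_CHR_TYPE_DEV / VIR_DOMAIN_CHR_TYPE_FILE case no longer passes the callee's return value through. The old `ret = virSecurityDACSetOwnership(...)` (and `ret = virSecurityDACRestoreFileLabelInternal(...)`) returned whatever the callee produced; the new `if (... < 0) return -1;` followed by the final `return 0;` folds any positive result into 0. If both callees only ever return 0 or -1 this is neutral, but the commit message has no body to say so; please state it there so the behaviour change is a documented decision.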
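Review bot: the hunks for virSecurityDACClose() and virSecurityDACPreFork() replace VIR_FREE() with `g_clear_pointer(&priv->groups, g_free)` on struct members, which is not a g_autofree conversion and is not covered by the subject line. Either mention the VIR_FREE() removal in the commit message or move these two hunks into their own patch, so that the g_autofree changes can be reviewed purely as "every exit path now frees the local".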
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/8] security_dac: Introduce virSecurityDACChownItemFree()
Date: Thu, 17 Jun 2021 12:42:02 +0200
Message-Id: <27b5fb2fea94f4a7a71f3f96a68e1bbe781b8bf9.1623926317.git.mprivozn@redhat.com>

Introduce a function that frees individual items on the chown list and declare and use g_autoptr() for it.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 956e57247a..70617759c9 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -89,6 +89,18 @@ struct _virSecurityDACChownList { =20 virThreadLocal chownList; =20 +static void +virSecurityDACChownItemFree(virSecurityDACChownItem *item) +{ + if (!item) + return; + + g_free(item->path); + g_free(item); +} + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecurityDACChownItem, virSecurityDACChown= ItemFree); + static int virSecurityDACChownListAppend(virSecurityDACChownList *list, const char *path, @@ -98,15 +110,11 @@ virSecurityDACChownListAppend(virSecurityDACChownList = *list, bool remember, bool restore) { - int ret =3D -1; - char *tmp =3D NULL; - virSecurityDACChownItem *item =3D NULL; + g_autoptr(virSecurityDACChownItem) item =3D NULL; =20 item =3D g_new0(virSecurityDACChownItem, 1); =20 - tmp =3D g_strdup(path); - - item->path =3D g_steal_pointer(&tmp); + item->path =3D g_strdup(path); item->src =3D src; item->uid =3D uid; item->gid =3D gid; @@ -114,13 +122,9 @@ virSecurityDACChownListAppend(virSecurityDACChownList = *list, item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) - goto cleanup; + return -1; =20 - ret =3D 0; - cleanup: - VIR_FREE(tmp); - VIR_FREE(item); - return ret; + return 0; } =20 static void 
@@ -132,10 +136,8 @@ virSecurityDACChownListFree(void *opaque) if (!list) return; =20 - for (i =3D 0; i < list->nItems; i++) { - g_free(list->items[i]->path); - g_free(list->items[i]); - } + for (i =3D 0; i < list->nItems; i++) + virSecurityDACChownItemFree(list->items[i]); g_free(list->items); virObjectUnref(list->manager); g_free(list); --=20 2.31.1
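Review bot: in virSecurityDACChownListAppend(), the success path `return 0;` is only safe if VIR_APPEND_ELEMENT() resets `item` to NULL once the list owns it; otherwise the g_autoptr cleanup frees an element that list->items still references. The old unconditional `VIR_FREE(item);` under `cleanup:` relied on the same property, so this is not a regression, but a short comment next to the append would make the ownership hand-off explicit. The commit message should also say that this fixes a leak: previously, when the append failed, `item` was freed but `item->path` (taken over from `tmp` via g_steal_pointer()) was not, whereas virSecurityDACChownItemFree() now releases both.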
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 3/8] security_dac: Introduce g_autoptr for virSecurityDACChownList
Date: Thu, 17 Jun 2021 12:42:03 +0200
Message-Id: <000a4dc6fe6d688e1ba5caa1c09cfc26ba5497c8.1623926317.git.mprivozn@redhat.com>

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 70617759c9..6b8ff5cdef 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -143,6 +143,8 @@ virSecurityDACChownListFree(void *opaque) g_free(list); } =20 +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecurityDACChownList, virSecurityDACChown= ListFree); + =20 /** * virSecurityDACTransactionAppend: 
@@ -552,10 +554,9 @@ virSecurityDACPreFork(virSecurityManager *mgr) static int virSecurityDACTransactionStart(virSecurityManager *mgr) { - virSecurityDACChownList *list; + g_autoptr(virSecurityDACChownList) list =3D NULL; =20 - list =3D virThreadLocalGet(&chownList); - if (list) { + if (virThreadLocalGet(&chownList)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Another relabel transaction is already started")= ); return -1; @@ -568,9 +569,9 @@ virSecurityDACTransactionStart(virSecurityManager *mgr) if (virThreadLocalSet(&chownList, list) < 0) { virReportSystemError(errno, "%s", _("Unable to set thread local variable")); - virSecurityDACChownListFree(list); return -1; } + list =3D NULL; =20 return 0; } @@ -601,21 +602,20 @@ virSecurityDACTransactionCommit(virSecurityManager *m= gr G_GNUC_UNUSED, pid_t pid, bool lock) { - virSecurityDACChownList *list; + g_autoptr(virSecurityDACChownList) list =3D NULL; int rc; - int ret =3D -1; =20 list =3D virThreadLocalGet(&chownList); if (!list) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No transaction is set")); - goto cleanup; + return -1; } =20 if (virThreadLocalSet(&chownList, NULL) < 0) { virReportSystemError(errno, "%s", _("Unable to clear thread local variable")); - goto cleanup; + return -1; } =20 list->lock =3D lock; @@ -628,7 +628,7 @@ virSecurityDACTransactionCommit(virSecurityManager *mgr= G_GNUC_UNUSED, if (virGetLastErrorCode() =3D=3D VIR_ERR_SYSTEM_ERROR) pid =3D -1; else - goto cleanup; + return -1; } } =20 @@ -640,12 +640,9 @@ virSecurityDACTransactionCommit(virSecurityManager *mg= r G_GNUC_UNUSED, } =20 if (rc < 0) - goto cleanup; + return -1; =20 - ret =3D 0; - cleanup: - virSecurityDACChownListFree(list); - return ret; + return 0; } =20 /** 
@@ -657,7 +654,7 @@ virSecurityDACTransactionCommit(virSecurityManager *mgr= G_GNUC_UNUSED, static void virSecurityDACTransactionAbort(virSecurityManager *mgr G_GNUC_UNUSED) { - virSecurityDACChownList *list; + g_autoptr(virSecurityDACChownList) list =3D NULL; =20 list =3D virThreadLocalGet(&chownList); if (!list) 
@@ -665,7 +662,6 @@ virSecurityDACTransactionAbort(virSecurityManager *mgr = G_GNUC_UNUSED) =20 if (virThreadLocalSet(&chownList, NULL) < 0) VIR_DEBUG("Unable to clear thread local variable"); - virSecurityDACChownListFree(list); } =20 =20 --=20 2.31.1
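Review bot: in virSecurityDACTransactionCommit() and virSecurityDACTransactionAbort(), when `virThreadLocalSet(&chownList, NULL) < 0` the list is still freed (now by the g_autoptr on return) while chownList keeps pointing at it. A later virThreadLocalGet() on that thread then returns a stale pointer: virSecurityDACTransactionStart() would refuse with "Another relabel transaction is already started", and a second Commit or Abort would free the same memory again. The old `goto cleanup` / explicit virSecurityDACChownListFree(list) behaved the same way, so the patch preserves an existing hazard rather than adding one, but the conversion is a good moment to address it: on that failure path either disarm the autoptr (`list = NULL;`, as TransactionStart does) and accept the leak, or add a comment explaining why freeing is safe there.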
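Review bot: in virSecurityDACTransactionStart(), the bare `list = NULL;` after a successful virThreadLocalSet() is the ownership hand-off that keeps the g_autoptr from freeing the list chownList now references, yet it reads like a stray assignment that a later cleanup could delete. Please add a one-line comment saying the thread-local owns the list from here on, or express the hand-off with g_steal_pointer(&list).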
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 4/8] security_dac: Don't check for !priv in virSecurityDACSetOwnershipInternal()
Date: Thu, 17 Jun 2021 12:42:04 +0200
Message-Id: <5a6d8e8067d289475072f5269be26a0f6a297316.1623926317.git.mprivozn@redhat.com>

The virSecurityDACSetOwnershipInternal() has two callers and in both the private data (@priv) is obtained via virSecurityManagerGetPrivateData(). But in case of DAC driver the private data can never be NULL. This is because the private data is allocated in virSecurityManagerNewDriver() according to .privateDataLen attribute of secdriver. In case of DAC driver the attribute is set to sizeof(virSecurityDACData). NB, no other function within DAC driver checks for !priv.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 6b8ff5cdef..b6323a7df1 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -677,7 +677,7 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if (priv && src && priv->chownCallback) { + if (src && priv->chownCallback) { rc =3D priv->chownCallback(src, uid, gid); /* here path is used only for error messages */ path =3D NULLSTR(src->path); --=20 2.31.1

From nobody Wed May 1 14:54:19 2024
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 5/8] virSecurityDACSetOwnershipInternal: Drop dead code
Date: Thu, 17 Jun 2021 12:42:05 +0200

The virSecurityDACSetOwnershipInternal() function accepts two arguments (among others): @path and @src. The idea being that in some cases @path is NULL and @src is not and then @path is filled from @src->path. However, this is done in both callers already (because of seclabel remembering/recall). Therefore, this code in virSecurityDACSetOwnershipInternal() is dead, effectively.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index b6323a7df1..e2a6461375 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -688,15 +688,8 @@ virSecurityDACSetOwnershipInternal(const virSecurityDA= CData *priv, } else { struct stat sb; =20 - if (!path) { - if (!src || !src->path) - return 0; - - if (!virStorageSourceIsLocalStorage(src)) - return 0; - - path =3D src->path; - } + if (!path) + return 0; =20 if (stat(path, &sb) < 0) { virReportSystemError(errno, _("unable to stat: %s"), path); --=20 2.31.1

From nobody Wed May 1 14:54:19 2024
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 6/8] virSecurityDACSetOwnershipInternal: Don't overwrite @path argument
Date: Thu, 17 Jun 2021 12:42:06 +0200

As shown in the previous commit, @path can be NULL. However, in that case @src->path is also NULL. Therefore, trying to "fix" @path to be not NULL is not going to succeed. The real value of NULLSTR() is in providing a non-NULL string for error reporting. Well, that can be done in the error reporting without overwriting argument.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index e2a6461375..603d5b98ef 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -679,8 +679,6 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, =20 if (src && priv->chownCallback) { rc =3D priv->chownCallback(src, uid, gid); - /* here path is used only for error messages */ - path =3D NULLSTR(src->path); =20 /* on -2 returned an error was already reported */ if (rc =3D=3D -2) 
@@ -712,20 +710,20 @@ virSecurityDACSetOwnershipInternal(const virSecurityD= ACData *priv, if (errno =3D=3D EOPNOTSUPP || errno =3D=3D EINVAL) { VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " "supported by filesystem", - (long)uid, (long)gid, path); + (long)uid, (long)gid, NULLSTR(path)); } else if (errno =3D=3D EPERM) { VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " "permitted", - (long)uid, (long)gid, path); + (long)uid, (long)gid, NULLSTR(path)); } else if (errno =3D=3D EROFS) { VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " "possible on readonly filesystem", - (long)uid, (long)gid, path); + (long)uid, (long)gid, NULLSTR(path)); } else { virReportSystemError(errno, _("unable to set user and group to '%ld:%= ld' " "on '%s'"), - (long)uid, (long)gid, path); + (long)uid, (long)gid, NULLSTR(path)); return -1; } } --=20 2.31.1

From nobody Wed May 1 14:54:19 2024
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 7/8] virSecurityDACSetOwnershipInternal: Fix WIN32 code
Date: Thu, 17 Jun 2021 12:42:07 +0200

I must admit, I have no idea why we build such POSIX dependent code as DAC driver for something such not POSIX as WIN32. Anyway, the code which is supposed to set error is not doing that. The proper way is to mimic what chown() does: On error, -1 is returned, and errno is set to indicate the error.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/security/security_dac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 603d5b98ef..7ba367755a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -700,7 +700,8 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, } =20 #ifdef WIN32 - rc =3D ENOSYS; + rc =3D -1; + errno =3D ENOSYS; #else /* !WIN32 */ rc =3D chown(path, uid, gid); #endif /* !WIN32 */ --=20 2.31.1

From nobody Wed May 1 14:54:19 2024
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 8/8] qemu: Deduplicate code in qemuSecurityChownCallback()
Date: Thu, 17 Jun 2021 12:42:08 +0200

The DAC security driver has an option to register a callback that is called instead of chown(). So far QEMU is the only user of this feature and it's used to set labels on non-local disks (like gluster), where exists notion of owners but regular chown() can't be used. However, this callback (if set) is called always, even for local disks. And thus the QEMU's implementation duplicated parts of the DAC driver to deal with chown(). If the DAC driver would call the callback only for non-local disks then the QEMU's callback can be shorter.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
--- src/qemu/qemu_driver.c | 22 ++-------------------- src/security/security_dac.c | 6 ++++-- src/security/security_manager.h | 13 ++++++++++--- 3 files changed, 16 insertions(+), 25 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1ee0e7ebc0..235f575901 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -228,31 +228,13 @@ qemuSecurityChownCallback(const virStorageSource *src, uid_t uid, gid_t gid) { - struct stat sb; int save_errno =3D 0; int ret =3D -1; int rv; g_autoptr(virStorageSource) cpy =3D NULL; =20 - if (virStorageSourceIsLocalStorage(src)) { - /* use direct chown for local files so that the file doesn't - * need to be initialized */ - if (!src->path) - return 0; - - if (stat(src->path, &sb) >=3D 0) { - if (sb.st_uid =3D=3D uid && - sb.st_gid =3D=3D gid) { - /* It's alright, there's nothing to change anyway. */ - return 0; - } - } - - if (chown(src->path, uid, gid) < 0) - return -1; - - return 0; - } + if (virStorageSourceIsLocalStorage(src)) + return -3; =20 if ((rv =3D virStorageSourceSupportsSecurityDriver(src)) <=3D 0) return rv; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7ba367755a..4909107fcc 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -672,7 +672,7 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, uid_t uid, gid_t gid) { - int rc; + int rc =3D 0; =20 /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ @@ -683,7 +683,9 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, /* on -2 returned an error was already reported */ if (rc =3D=3D -2) return -1; - } else { + } + + if (rc =3D=3D 0 || rc =3D=3D -3) { struct stat sb; =20 if (!path) diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index b5c81e9d98..57047ccb13 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -53,9 +53,16 @@ int virSecurityManagerStackAddNested(virSecurityManager = *stack, * @uid: target uid * @gid: target gid * - * A function callback to chown image files described by the disk source s= truct - * @src. The callback shall return 0 on success, -1 on error and errno set= (no - * libvirt error reported) OR -2 and a libvirt error reported. */ + * A function callback to chown image files described by the disk + * source struct @src. The callback can decide to skip given @src + * and thus let DAC driver chown the file instead (signalled by + * returning -3). + * + * Returns: 0 on success, + * -1 on error and errno set (no libvirt error reported), + * -2 and a libvirt error reported. + * -3 if callback did not handle chown + */ typedef int (*virSecurityManagerDACChownCallback)(const virStorageSource *src, uid_t uid, --=20 2.31.1
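
Review bot: In [PATCH 4/8], the hunk at -677,7 now dereferences priv->chownCallback with no NULL check, and the only statement of why that is safe is in the commit message. Record the invariant at the function itself, for example a short comment above `if (src && priv->chownCallback) {` saying that @priv is always allocated for the DAC driver, or a non-NULL annotation on the parameter. The comment kept in this hunk notes that the function may run in a separate process, where a NULL dereference would be harder to trace back to a caller.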
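
Review bot: In [PATCH 5/8], the new `if (!path) return 0;` at -688,15 reports success without changing ownership, and once the removed virStorageSourceIsLocalStorage() branch is gone nothing in the function says why that is correct. Add a one-line comment stating that a NULL @path means there is nothing for the DAC driver to chown and that both callers are responsible for filling @path from @src->path. A silent 0 from a security driver is easy to misread as "ownership applied", so a log line on this early return would also help when a file turns up with the wrong owner.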
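
Review bot: In [PATCH 6/8], the first hunk (-679,8) drops `path = NULLSTR(src->path);` from the callback branch, so the messages changed in the second hunk (-712,20) print the @path argument where the callback branch used to print @src->path. The code removed in 5/8 copied @src->path into @path only after the virStorageSourceIsLocalStorage() check; if the callers apply the same rule, a callback failure on a non-local source would now log the NULLSTR() placeholder instead of the source path. Please confirm that @path is filled for the sources the callback handles, or keep a separate local variable for the message that falls back to src->path when @path is NULL, which still avoids overwriting the argument.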
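
Review bot: In [PATCH 7/8], setting `errno = ENOSYS;` at -700,7 means the WIN32 result is classified by the errno chain visible in the 6/8 hunk, which special-cases only EOPNOTSUPP, EINVAL, EPERM and EROFS. As far as the visible context shows, ENOSYS reaches the final else, that is virReportSystemError() followed by `return -1;`. If a hard failure on every ownership change is the intended WIN32 behaviour, say so in the commit message; if the intent is "not supported, carry on", handle ENOSYS alongside EOPNOTSUPP.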
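
Review bot: In [PATCH 8/8], the security_dac.c condition `if (rc == 0 || rc == -3) {` cannot tell "no callback registered" (the new `int rc = 0;` initializer) from "callback returned 0 on success", so after a callback has successfully changed ownership the function still falls into the `if (!path)` check and, for a non-NULL @path, into stat() and chown() on it. If that second pass is avoided only because callers leave @path NULL for non-local sources, state that dependency in a comment next to the condition. Otherwise initialize rc to -3 ("not handled"), enter the fallback only on -3, and return early when the callback returns 0.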
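
Review bot: In [PATCH 8/8], the security_manager.h hunk documents -1, -2 and -3 only in prose, while `return -3;` in qemu_driver.c and `rc == -3` in security_dac.c use the bare numbers. Define named constants or an enum for the callback return values next to the virSecurityManagerDACChownCallback typedef and use them on both sides, so that a callback returning the wrong value stands out in review. The new Returns: list also ends the -2 entry with a full stop while the other entries use commas.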