[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/0.7.7-2-3-gb69d3cc
Guido Günther
agx at sigxcpu.org
Wed Mar 17 17:35:33 UTC 2010
The following commit has been merged in the master branch:
commit 21ef92b665d02afed5d6e1724c4ecf2db5f9378f
Author: Guido Günther <agx at sigxcpu.org>
Date: Wed Mar 17 18:13:13 2010 +0100
New patch 0009-security-Set-permissions-for-kernel-initrd.patch
security: Set permissions for kernel/initrd
Thanks: Cole Robinson
Closes: #574241
diff --git a/debian/patches/0009-security-Set-permissions-for-kernel-initrd.patch b/debian/patches/0009-security-Set-permissions-for-kernel-initrd.patch
new file mode 100644
index 0000000..e66f26d
--- /dev/null
+++ b/debian/patches/0009-security-Set-permissions-for-kernel-initrd.patch
@@ -0,0 +1,87 @@
+From: Cole Robinson <crobinso at redhat.com>
+Date: Fri, 12 Mar 2010 13:38:39 -0500
+Subject: [PATCH] security: Set permissions for kernel/initrd
+
+Fixes URL installs when running virt-install as root on Fedora.
+
+Closes: #574241
+Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commit;h=3f1aa08af6580c215d973bc6bf57f505dbf8b926
+---
+ src/qemu/qemu_security_dac.c | 21 +++++++++++++++++++++
+ src/security/security_selinux.c | 16 ++++++++++++++++
+ 2 files changed, 37 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
+index 6911f48..1883fbe 100644
+--- a/src/qemu/qemu_security_dac.c
++++ b/src/qemu/qemu_security_dac.c
+@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
+ vm->def->disks[i]) < 0)
+ rc = -1;
+ }
++
++ if (vm->def->os.kernel &&
++ qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++ rc = -1;
++
++ if (vm->def->os.initrd &&
++ qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++ rc = -1;
++
+ return rc;
+ }
+
+@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+ return -1;
+ }
+
++ if (vm->def->os.kernel &&
++ qemuSecurityDACSetOwnership(vm->def->os.kernel,
++ driver->user,
++ driver->group) < 0)
++ return -1;
++
++ if (vm->def->os.initrd &&
++ qemuSecurityDACSetOwnership(vm->def->os.initrd,
++ driver->user,
++ driver->group) < 0)
++ return -1;
++
+ return 0;
+ }
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index b2c8581..975b315 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
+ rc = -1;
+ }
+
++ if (vm->def->os.kernel &&
++ SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++ rc = -1;
++
++ if (vm->def->os.initrd &&
++ SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++ rc = -1;
++
+ return rc;
+ }
+
+@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+ return -1;
+ }
+
++ if (vm->def->os.kernel &&
++ SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
++ return -1;
++
++ if (vm->def->os.initrd &&
++ SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
++ return -1;
++
+ return 0;
+ }
+
+--
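Review bot: In qemuSecurityDACSetSecurityAllLabel the kernel and initrd are handed to `driver->user`/`driver->group` as owner, which gives the emulator account more than the read access it presumably needs for boot images. An owner can change the file's mode and contents, so a misbehaving qemu process could alter an image that later boots or other guests rely on. The SELinux hunk uses `default_content_context` instead, which by its name looks like the narrower, shared-content choice. Both restore hunks also reset the file whenever the path is set, with no visible check for a kernel/initrd shared by another running domain, and the original owner or label does not appear to be remembered. I would at least document this above the new DAC block, e.g. `/* qemu only reads kernel/initrd; ownership is granted for the guest's lifetime and reset (not restored to the original owner) on shutdown */`. All four functions begin outside their hunks, so the disk-handling conventions they follow are not visible here.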
diff --git a/debian/patches/series b/debian/patches/series
index ef3e0bc..9de8693 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
0006-Don-t-drop-caps-when-exec-ing-qemu.patch
0007-Work-around-broken-linux-socket.h.patch
0008-qemu-Fix-USB-by-product-with-security-enabled.patch
+0009-security-Set-permissions-for-kernel-initrd.patch
--
Libvirt Debian packaging