[Pkg-libvirt-commits] [libguestfs] 128/233: daemon: Bind-mount /sys/fs/selinux into sysroot when running commands.
Hilko Bengen
bengen at moszumanska.debian.org
Wed Feb 19 21:11:44 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch experimental
in repository libguestfs.
commit ab33653ef312e18042be08854aa0dec2c7254fc2
Author: Richard W.M. Jones <rjones at redhat.com>
Date: Fri Jan 24 19:36:33 2014 +0000
daemon: Bind-mount /sys/fs/selinux into sysroot when running commands.
Even though we are already bind-mounting /sys, it is necessary to also
bind-mount /sys/fs/selinux in order for SELinux commands (in
particular, 'load_policy') to work.
This fixes/reverts commit 7367729ec7a5d016878dd00b32cce45cec372931.
---
daemon/command.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/daemon/command.c b/daemon/command.c
index 066c773..1aa1a52 100644
--- a/daemon/command.c
+++ b/daemon/command.c
@@ -48,7 +48,8 @@ struct bind_state {
char *sysroot_dev_pts;
char *sysroot_proc;
char *sysroot_sys;
- bool dev_ok, dev_pts_ok, proc_ok, sys_ok;
+ char *sysroot_sys_fs_selinux;
+ bool dev_ok, dev_pts_ok, proc_ok, sys_ok, sys_fs_selinux_ok;
};
struct resolver_state {
@@ -76,14 +77,17 @@ bind_mount (struct bind_state *bs)
bs->sysroot_dev_pts = sysroot_path ("/dev/pts");
bs->sysroot_proc = sysroot_path ("/proc");
bs->sysroot_sys = sysroot_path ("/sys");
+ bs->sysroot_sys_fs_selinux = sysroot_path ("/sys/fs/selinux");
if (bs->sysroot_dev == NULL || bs->sysroot_dev_pts == NULL ||
- bs->sysroot_proc == NULL || bs->sysroot_sys == NULL) {
+ bs->sysroot_proc == NULL || bs->sysroot_sys == NULL ||
+ bs->sysroot_sys_fs_selinux == NULL) {
reply_with_perror ("malloc");
free (bs->sysroot_dev);
free (bs->sysroot_dev_pts);
free (bs->sysroot_proc);
free (bs->sysroot_sys);
+ free (bs->sysroot_sys_fs_selinux);
return -1;
}
@@ -95,6 +99,8 @@ bind_mount (struct bind_state *bs)
bs->proc_ok = r != -1;
r = command (NULL, NULL, str_mount, "--bind", "/sys", bs->sysroot_sys, NULL);
bs->sys_ok = r != -1;
+ r = command (NULL, NULL, str_mount, "--bind", "/sys/fs/selinux", bs->sysroot_sys_fs_selinux, NULL);
+ bs->sys_fs_selinux_ok = r != -1;
bs->mounted = true;
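Review bot: The new bind mount of `/sys/fs/selinux` is attempted even when the preceding `/sys` bind mount failed and `bs->sys_ok` is false. In that case `bs->sysroot_sys_fs_selinux` presumably resolves inside the guest's own filesystem tree rather than inside the appliance sysfs, so the mount target would be a path whose contents the guest image controls. Making the nested mount depend on its parent avoids that: `if (bs->sys_ok) { r = command (NULL, NULL, str_mount, "--bind", "/sys/fs/selinux", bs->sysroot_sys_fs_selinux, NULL); bs->sys_fs_selinux_ok = r != -1; } else bs->sys_fs_selinux_ok = false;`. A short comment should also record that this deliberately exposes the appliance kernel's SELinux interface to commands run in the guest chroot. The body of bind_mount starts and ends outside this hunk.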
@@ -111,6 +117,8 @@ static void
free_bind_state (struct bind_state *bs)
{
if (bs->mounted) {
+ if (bs->sys_fs_selinux_ok) umount_ignore_fail (bs->sysroot_sys_fs_selinux);
+ free (bs->sysroot_sys_fs_selinux);
if (bs->sys_ok) umount_ignore_fail (bs->sysroot_sys);
free (bs->sysroot_sys);
if (bs->proc_ok) umount_ignore_fail (bs->sysroot_proc);
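Review bot: The teardown order in `free_bind_state` matters but nothing documents it: the selinuxfs bind must be unmounted before its parent `/sys`, which the new lines do correctly by coming first. A comment above them such as `/* Unmount the nested /sys/fs/selinux bind before its parent /sys. */` would stop a later reordering from breaking this. Because `umount_ignore_fail` discards errors, a failed unmount of the nested mount would likely make the `/sys` unmount fail as busy without any trace, so the comment could mention that as well. The rest of free_bind_state lies outside the hunk.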
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libguestfs.git