884d801843
- conf: Parse hyperv features even for host-model (RHEL-151688) - qemu: Wire up new hyperv host-model mode behavior (RHEL-151688) - Introduce EXPAND_CPU_FEATURES flag for domain capabilities (RHEL-153653) - qemu: Implement VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES (RHEL-153653) - virsh: Add --expand-cpu-features option for domcapabilities (RHEL-153653) - docs: Clarify host-model description in domain capabilities (RHEL-153653) - qemu: Fix job handling when domain dies in post-copy migration (RHEL-145179) - security_apparmor: Use g_auto* in AppArmorSetSecurityHostdevLabel (RHEL-159902) - security: Cleanup hostdev label error logic (RHEL-159902) - qemu: Fix IOMMUFD and VFIO security labels (RHEL-159902) - viriommufd: Set IOMMU_OPTION_RLIMIT_MODE only when running privileged (RHEL-156803) - conf: Move and rename virStorageSourceFDTuple object (RHEL-156803) - conf: Refactor virHostdevIsPCIDevice (RHEL-156803) - hypervisor: Fix virHostdevNeedsVFIO detection (RHEL-156803) - qemu: Expand call to qemuDomainNeedsVFIO (RHEL-156803) - qemu: Update qemuDomainNeedsVFIO to ignore PCI hostdev with IOMMUFD (RHEL-156803) - src: Use virHostdevIsPCIDeviceWith* to check for IOMMUFD (RHEL-156803) - conf: Introduce domain iommufd element (RHEL-156803) - qemu: Implement iommufd (RHEL-156803) - conf: Add iommufd fdgroup support (RHEL-156803) - qemu: Implement iommufd fdgroup (RHEL-156803) - tests: Add iommufd fdgroup test (RHEL-156803) - hypervisor: Call virWaitForDevices() after detaching host devices (RHEL-156803) - qemuMigrationSrcBeginXML: Don't call 'qemuMigrationSrcBeginPhaseBlockDirtyBitmaps' with offline VM (RHEL-173433) - qemuMigrationSrcBeginPhase: Don't call 'qemuBlockNodesEnsureActive' with offline VM (RHEL-173433) - util: virGetSubIDs: do not limit file size (RHEL-174491) - cpu_conf: Introduce virCPUDefSortFeatures (RHEL-177364) - qemu_capabilities: Split virQEMUCapsFillDomainCPUCaps (RHEL-177364) - qemu: Move domain caps flags handling to virQEMUCapsFillDomainCPUHostModel (RHEL-177364) - qemu_capabilities: Always sort features in host-model CPU (RHEL-177364) - qemu_capabilities: Use g_autoptr in virQEMUCapsInitHostCPUModel (RHEL-177364) - qemu_capabilities: Split conditions in virQEMUCapsInitHostCPUModel (RHEL-177364) - qemu_capabilities: Cache expanded CPU (RHEL-177364) - domaincapstest: Test EXPAND_CPU_FEATURES flag (RHEL-177364) - util: Publish and mock virHostCPUGetMSRFromKVM (RHEL-177364) - cpu_x86: Introduce virCPUx86DataAddMSR (RHEL-177364) - cpu: Introduce virCPUUpdateFeatures (RHEL-177364) - Fix documentation of VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES (RHEL-177364) - Introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_SUPPORTED_CPU_FEATURES flag (RHEL-177364) - virsh: Add --supported-cpu-features option for domcapabilities (RHEL-177364) - domaincapstest: Test SUPPORTED_CPU_FEATURES flag (RHEL-177364) - qemu_capabilities: Fix domain capabilities on AMD CPUs (RHEL-177364) - distro: Replace old gating with tmt Resolves: RHEL-145179, RHEL-151688, RHEL-153653, RHEL-156803, RHEL-159902 Resolves: RHEL-173433, RHEL-174491, RHEL-177364
119 lines
4.2 KiB
Diff
119 lines
4.2 KiB
Diff
From b2037dd33febe910a6dad3521549b747322d37cb Mon Sep 17 00:00:00 2001
|
|
Message-ID: <b2037dd33febe910a6dad3521549b747322d37cb.1780571166.git.jdenemar@redhat.com>
|
|
From: Pavel Hrdina <phrdina@redhat.com>
|
|
Date: Mon, 2 Mar 2026 12:47:43 +0100
|
|
Subject: [PATCH] security_apparmor: Use g_auto* in
|
|
AppArmorSetSecurityHostdevLabel
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
(cherry picked from commit 75f698c77f0705ae9793331eadb08fbbf89572f6)
|
|
|
|
Resolves: https://redhat.atlassian.net/browse/RHEL-159902
|
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
---
|
|
src/security/security_apparmor.c | 20 ++++++--------------
|
|
1 file changed, 6 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
|
|
index 6c5da2a650..74c5b10063 100644
|
|
--- a/src/security/security_apparmor.c
|
|
+++ b/src/security/security_apparmor.c
|
|
@@ -799,7 +799,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
virDomainHostdevDef *dev,
|
|
const char *vroot)
|
|
{
|
|
- struct SDPDOP *ptr;
|
|
+ g_autofree struct SDPDOP *ptr = NULL;
|
|
int ret = -1;
|
|
virSecurityLabelDef *secdef =
|
|
virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME);
|
|
@@ -831,13 +831,12 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
|
|
switch (dev->source.subsys.type) {
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
|
- virUSBDevice *usb =
|
|
+ g_autoptr(virUSBDevice) usb =
|
|
virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot);
|
|
if (!usb)
|
|
goto done;
|
|
|
|
ret = virUSBDeviceFileIterate(usb, AppArmorSetSecurityUSBLabel, ptr);
|
|
- virUSBDeviceFree(usb);
|
|
break;
|
|
}
|
|
|
|
@@ -850,13 +849,12 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
|
|
if (pcisrc->driver.name == VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO) {
|
|
if (dev->source.subsys.u.pci.driver.iommufd != VIR_TRISTATE_BOOL_YES) {
|
|
- char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
|
+ g_autofree char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
|
|
|
if (!vfioGroupDev) {
|
|
goto done;
|
|
}
|
|
ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr);
|
|
- VIR_FREE(vfioGroupDev);
|
|
} else {
|
|
g_autofree char *vfiofdDev = NULL;
|
|
|
|
@@ -877,7 +875,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: {
|
|
virDomainHostdevSubsysSCSIHost *scsihostsrc = &scsisrc->u.host;
|
|
- virSCSIDevice *scsi =
|
|
+ g_autoptr(virSCSIDevice) scsi =
|
|
virSCSIDeviceNew(NULL,
|
|
scsihostsrc->adapter, scsihostsrc->bus,
|
|
scsihostsrc->target, scsihostsrc->unit,
|
|
@@ -887,13 +885,11 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
goto done;
|
|
|
|
ret = virSCSIDeviceFileIterate(scsi, AppArmorSetSecuritySCSILabel, ptr);
|
|
- virSCSIDeviceFree(scsi);
|
|
-
|
|
break;
|
|
}
|
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: {
|
|
- virSCSIVHostDevice *host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
|
+ g_autoptr(virSCSIVHostDevice) host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
|
|
|
if (!host)
|
|
goto done;
|
|
@@ -901,19 +897,16 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
ret = virSCSIVHostDeviceFileIterate(host,
|
|
AppArmorSetSecurityHostLabel,
|
|
ptr);
|
|
- virSCSIVHostDeviceFree(host);
|
|
break;
|
|
}
|
|
|
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
|
|
- char *vfiodev = NULL;
|
|
+ g_autofree char *vfiodev = NULL;
|
|
|
|
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
|
goto done;
|
|
|
|
ret = AppArmorSetSecurityHostdevLabelHelper(vfiodev, ptr);
|
|
-
|
|
- VIR_FREE(vfiodev);
|
|
break;
|
|
}
|
|
|
|
@@ -923,7 +916,6 @@ AppArmorSetSecurityHostdevLabel(virSecurityManager *mgr,
|
|
}
|
|
|
|
done:
|
|
- VIR_FREE(ptr);
|
|
return ret;
|
|
}
|
|
|
|
--
|
|
2.54.0
|