diff --git a/src/security/security_dac.c b/src/security/security_dac.c index af02236121..0e75319f8f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -406,18 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, break; case VIR_DOMAIN_CHR_TYPE_PIPE: - if (virFileExists(dev->data.file.path)) { - if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0) - goto done; - } else { - if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || - (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { - virReportOOMError(); + if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || + (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { + virReportOOMError(); + goto done; + } + if (virFileExists(in) && virFileExists(out)) { + if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) || + (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0)) { goto done; } - if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) || - (virSecurityDACSetOwnership(out, priv->user, priv->group) < 0)) - goto done; + } else if (virSecurityDACSetOwnership(dev->data.file.path, + priv->user, priv->group) < 0) { + goto done; } ret = 0; break; @@ -452,9 +453,14 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virReportOOMError(); goto done; } - if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) || - (virSecurityDACRestoreSecurityFileLabel(in) < 0)) + if (virFileExists(in) && virFileExists(out)) { + if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) || + (virSecurityDACRestoreSecurityFileLabel(in) < 0)) { goto done; + } + } else if (virSecurityDACRestoreSecurityFileLabel(dev->data.file.path) < 0) { + goto done; + } ret = 0; break; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 0807a34c63..e1a257d183 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -806,18 +806,18 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm, break; case VIR_DOMAIN_CHR_TYPE_PIPE: - if (virFileExists(dev->data.file.path)) { - if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) - goto done; - } else { - if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || - (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { - virReportOOMError(); + if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || + (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { + virReportOOMError(); + goto done; + } + if (virFileExists(in) && virFileExists(out)) { + if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) || + (SELinuxSetFilecon(out, secdef->imagelabel) < 0)) { goto done; } - if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) || - (SELinuxSetFilecon(out, secdef->imagelabel) < 0)) - goto done; + } else if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) { + goto done; } ret = 0; break; @@ -858,9 +858,14 @@ SELinuxRestoreSecurityChardevLabel(virDomainObjPtr vm, virReportOOMError(); goto done; } - if ((SELinuxRestoreSecurityFileLabel(out) < 0) || - (SELinuxRestoreSecurityFileLabel(in) < 0)) + if (virFileExists(in) && virFileExists(out)) { + if ((SELinuxRestoreSecurityFileLabel(out) < 0) || + (SELinuxRestoreSecurityFileLabel(in) < 0)) { + goto done; + } + } else if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) { goto done; + } ret = 0; break;