From 5377177f80da40ee7d47601400b50835f093715a Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Wed, 2 Dec 2020 10:24:21 +0100
Subject: [PATCH] libvirt_recover_xattrs: Use only the correct xattr prefix
Linux and FreeBSD have different prefix. In the current state we've tried to reset the labels for both systems which resulted in errors like this:
Fixing /tmp/bitmaps2.qcow2
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
setfattr: /tmp/bitmaps2.qcow2: Operation not supported
The 6 failed 'setfattrs' correspond to the wrong prefix. Select the correct prefix based on the kernel name and modify the code appropriately.
Signed-off-by: Peter Krempa
Reviewed-by: Michal Privoznik
---
 tools/libvirt_recover_xattrs.sh | 48 ++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 21 deletions(-)
diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh
index cb98497732..b7a8c05cf4 100755
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@@ -29,11 +29,6 @@ DIR="/" URI=("qemu:///system" "lxc:///system")
-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
-# as there is no 'trusted'.
-LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
- "system.libvirt.security")
-
 if [ $(whoami) != "root" ]; then
 die "Must be run as root"
 fi
@@ -62,6 +57,21 @@ if [ $# -gt 0 ]; then
 DIR=$1
 fi
+case $(uname -s) in
+ Linux)
+ XATTR_PREFIX="trusted.libvirt.security"
+ ;;
+
+ FreeBSD)
+ XATTR_PREFIX="system.libvirt.security"
+ ;;
+
+ *)
+ die "$0 is not supported on this platform"
+ ;;
+esac
+
+
 if [ ${DRY_RUN} -eq 0 ]; then
 for u in ${URI[*]} ; do
 if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then
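Review bot: The `case $(uname -s)` block added in the second hunk has no comment explaining why the two platforms use different xattr namespaces, because the first hunk deletes the only explanation together with `LIBVIRT_XATTR_PREFIXES`. I would carry the rationale over, above the `case`: `# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'` / `# as there is no 'trusted'.` Without it the next reader has to rediscover why `system.libvirt.security` is correct on FreeBSD.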
@@ -73,24 +83,20 @@ fi
 declare -a XATTRS
 for i in "dac" "selinux"; do
- for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
- XATTRS+=("$p.$i" "$p.ref_$i" "$p.timestamp_$i")
- done
+ XATTRS+=("$XATTR_PREFIX.$i" "$XATTR_PREFIX.ref_$i" "$XATTR_PREFIX.timestamp_$i")
 done
-for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
- for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
- echo $i;
- if [ ${DRY_RUN} -ne 0 ]; then
- getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
- continue
- fi
- if [ ${QUIET} -eq 0 ]; then
- echo "Fixing $i";
- fi
- for x in ${XATTRS[*]}; do
- setfattr -x $x $i
- done
+for i in $(getfattr -R -d -m ${XATTR_PREFIX} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+ if [ ${DRY_RUN} -ne 0 ]; then
+ getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
+ continue
+ fi
+
+ if [ ${QUIET} -eq 0 ]; then
+ echo "Fixing $i";
+ fi
+ for x in ${XATTRS[*]}; do
+ setfattr -x $x $i
 done
 done
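Review bot: The dry-run branch of the rewritten loop still runs `getfattr -d -m $p --absolute-names $i`, but `$p` was the variable of the `for p in ${LIBVIRT_XATTR_PREFIXES[*]}` loop that this hunk removes, so it now expands to nothing. With `$p` empty and unquoted, `-m` presumably takes `--absolute-names` as its pattern, so a dry run would list no libvirt attributes and give the administrator a misleading preview of what the real run will strip. The line should read `getfattr -d -m "${XATTR_PREFIX}" --absolute-names "$i" | grep -v "^# file:"`. Separately, `for i in $(getfattr … | cut -d':' -f 2)` word-splits its output, so a path containing whitespace under DIR reaches the root-run `setfattr -x $x $i` in pieces; this predates the commit but is carried unchanged into the new loop.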