tools: Slightly rework libvirt_recover_xattrs.sh

Firstly, there's no reason to enumerate all XATTRs since they differ only in the prefix and we can construct them in a loop. Secondly, and more importantly, the script was still looking for just one prefix "trusted.libvirt.security" even on FreeBSD. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-15 09:19:08 +01:00 · 2019-01-15 09:19:08 +01:00 · f45c97eac2
parent 90540a37be
commit f45c97eac2
1 changed files with 27 additions and 27 deletions
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@ -23,14 +23,16 @@ EOF

 QUIET=0
 DRY_RUN=0
-P="/"
+DIR="/"

 # So far only qemu and lxc drivers use security driver.
 URI=("qemu:///system"
-     "qemu:///session"
     "lxc:///system")

-LIBVIRT_XATTR_PREFIX="trusted.libvirt.security"
+# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
+# as there is no 'trusted'.
+LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
+                        "system.libvirt.security")

 if [ `whoami` != "root" ]; then
    die "Must be run as root"
@ -57,7 +59,7 @@ done

 shift $((OPTIND - 1))
 if [ $# -gt 0 ]; then
-    P=$1
+    DIR=$1
 fi

 if [ ${DRY_RUN} -eq 0 ]; then
@ -69,28 +71,26 @@ if [ ${DRY_RUN} -eq 0 ]; then
 fi


-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
-# as there is no 'trusted'.
-XATTRS=("trusted.libvirt.security.dac"
-        "trusted.libvirt.security.ref_dac"
-        "trusted.libvirt.security.selinux"
-        "trusted.libvirt.security.ref_selinux",
-        "system.libvirt.security.dac"
-        "system.libvirt.security.ref_dac"
-        "system.libvirt.security.selinux"
-        "system.libvirt.security.ref_selinux")
-
-for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
-    if [ ${DRY_RUN} -ne 0 ]; then
-        echo $i
-        getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i
-        continue
-    fi
-
-    if [ ${QUIET} -eq 0 ]; then
-        echo "Fixing $i";
-    fi
-    for x in ${XATTRS[*]}; do
-        setfattr -x $x $i
+declare -a XATTRS
+for i in "dac" "selinux"; do
+    for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
+        XATTRS+=("$p.$i" "$p.ref_$i")
+    done
+done
+
+for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
+    for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+        echo $i;
+        if [ ${DRY_RUN} -ne 0 ]; then
+            getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
+            continue
+        fi
+
+        if [ ${QUIET} -eq 0 ]; then
+            echo "Fixing $i";
+        fi
+        for x in ${XATTRS[*]}; do
+            setfattr -x $x $i
+        done
    done
 done