On 11/20/2014 08:23 AM, Peter Krempa wrote:
> When creating a disk image snapshot the libvirt code would blindly copy
> the parent's label to the newly created image. This runs into problems
> when you start a VM from an image hosted on NFS (or other storage system
> that doesn't support selinux labels) and the snapshot destination is on
> a storage system that does support selinux labels. Libvirt's code in
> that case generates a different security label for the image hosted on
> NFS. This label is valid only for NFS images and doesn't allow access in
> case of a locally stored image.
>
> To fix this issue libvirt needs to refrain from copying security
> information in cases where the default domain seclabel is a better
> choice.
>
> This patch repurposes the now unused @force argument of
> virStorageSourceInitChainElement to denote whether a copy of the
> security labelling stuff should be attempted or not. This allows to
> fine-control the copy operation for cases where we need to keep the
> label of the old disk vs. the cases where we need to keep the label
> unset to use the default domain imagelabel.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718
> ---

> + * If @transferLabels is true, security labels from the existing disk are copied
> + * to the new disk. Otherwise the default domain imagelabel label will be used.
> *
> * Returns 0 on success, -1 on error.
> */
> int
> virStorageSourceInitChainElement(virStorageSourcePtr newelem,
> virStorageSourcePtr old,
> - bool force)
> + bool transferLables)

Comment was right, code is not. s/transferLables/transferLabels/

ACK with that fix.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
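Review bot: In the prototype of virStorageSourceInitChainElement, the third parameter keeps its type and position while its meaning changes from force to label transfer, so a caller that still passes its old force value compiles unchanged and silently decides whether the old disk's security label is copied. The callers are not in the quoted hunk; each one should be checked so that the snapshot path described in the commit message passes false and only the paths that must keep the old disk's label pass true. In the new doc comment, "imagelabel label" repeats itself and the second "label" can be dropped.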
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list