On 11/21/14 00:15, Eric Blake wrote: > On 11/20/2014 08:23 AM, Peter Krempa wrote: >> When creating a disk image snapshot the libvirt code would blindly copy >> the parents label to the newly created image. This runs into problems >> when you start a VM from an image hosted on NFS (or other storage system >> that doesn't support selinux labels) and the snapshot destination is on >> a storage system that does support selinux labels. Libvirt's code in >> that case generates a different security label for the image hosted on >> NFS. This label is valid only for NFS images and doesn't allow access in >> case of a locally stored image. >> >> To fix this issue libvirt needs to refrain from copying security >> information in cases where the default domain seclabel is a better >> choice. >> >> This patch repurposes the now unused @force argument of >> virStorageSourceInitChainElement to denote whether a copy of the >> security labelling stuff should be attempted or not. This allows to >> fine-control the copy operation for cases where we need to keep the >> label of the old disk vs. the cases where we need to keep the label >> unset to use the default domain imagelabel. >> >> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718 >> --- > >> + * If @transferLabels is true, security labels from the existing disk are copied >> + * to the new disk. Otherwise the default domain imagelabel label will be used. >> * >> * Returns 0 on success, -1 on error. >> */ >> int >> virStorageSourceInitChainElement(virStorageSourcePtr newelem, >> virStorageSourcePtr old, >> - bool force) >> + bool transferLables) > > Comment was right, code is not. s/transferLables/transferLabels/ > > ACK with that fix. > Fixed && pushed; Thanks. Peter
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list