When calling qemuProcessAttach to attach a qemu process, libvirt will generate a wrong label for DAC, and does not set the imagelabel for both of them; having no imagelabel will cause some other issues.

After this patch, the guest label will be:

  <seclabel type='static' model='selinux' relabel='yes'>
    <label>unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023</label>
    <imagelabel>system_u:object_r:svirt_image_t:s0-s0:c0.c1023</imagelabel>
  </seclabel>
  <seclabel type='static' model='dac' relabel='yes'>
    <label>+0:+0</label>
    <imagelabel>+0:+0</imagelabel>
  </seclabel>

Luyao Huang (2):
  qemu: fix some small issue in qemuProcessAttach
  security: Add a new func use stat to get process DAC label

 src/qemu/qemu_process.c     | 10 ++++++---
 src/security/security_dac.c | 50 +++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 55 insertions(+), 5 deletions(-)

-- 
1.8.3.1
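The idea named in the second patch title, deriving a running process's DAC label with stat, sketched as an added example; this is not the code from the series or from libvirt. The helper name dac_label_from_pid and the use of /proc/<pid> as the stat target are assumptions; the "+uid:+gid" form matches the label shown in the message above.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (assumption, not libvirt's function): build the DAC
 * label "+uid:+gid" for a running process from the owner of /proc/<pid>.
 * The leading '+' marks each ID as numeric rather than a name to look up.
 * Returns 0 on success, -1 on any error (buf contents are then undefined). */
int dac_label_from_pid(pid_t pid, char *buf, size_t buflen)
{
    char path[64];
    struct stat sb;
    int n;

    if (pid <= 0 || buf == NULL)
        return -1;

    n = snprintf(path, sizeof(path), "/proc/%ld", (long)pid);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;

    /* The process may already have exited, or /proc may not be mounted. */
    if (stat(path, &sb) < 0 || !S_ISDIR(sb.st_mode))
        return -1;

    /* Caveats: /proc/<pid> is owned by the process's effective uid/gid,
     * but shows root:root when the process is not dumpable, so the result
     * can be +0:+0 for a process that does not run as root. The pid can
     * also be reused between the caller learning it and this stat call. */
    n = snprintf(buf, buflen, "+%lu:+%lu",
                 (unsigned long)sb.st_uid, (unsigned long)sb.st_gid);
    if (n < 0 || (size_t)n >= buflen)
        return -1; /* refuse to hand back a truncated label */
    return 0;
}

int main(void)
{
    char label[64];

    /* Label the current process; a real caller would pass the qemu pid. */
    if (dac_label_from_pid(getpid(), label, sizeof(label)) < 0) {
        perror("dac_label_from_pid");
        return 1;
    }
    printf("<label>%s</label>\n", label);
    return 0;
}
```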