On Fri, Mar 13, 2009 at 11:03:26AM -0400, Daniel J Walsh wrote: > The current svirt patch relabels all disk to the image_t:MCS, which is > incorrect. Read Only Disks and Sharable Disks should not be labeled. > > Also when libvirt is completed running the image it needs to relabel the > image back to something sane. Right now it is labeling everything > imagelabel:s0, including phisical disk partitions. I considered two > ways of labeling the "disk" back. We can either grab the label when > libvirt starts and change it back to this label when ever an image > completes or we can ask the system what the label should be. > (matcpathcon). I originally coded up the first, but quickly realized if > anything went wrong with libvirt labeling like a crash, the labels on > disk could be wrong. And libvirt would continuously set them to this > wrong label. With matchpathcon, libvirt will at least set them to > something sane. > > So this patch Removes labeling of readonly and shared disks and restores > the images label to the system default when the image completes. > > I would really like to get this in ASAP. Since currently libvirt is > relabeing the cdrom to virt_image_t when it is complete as well as > physical disks. ACK this all looks sane to me. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list