Make sure that the new vhost protocol does not drive the existing virtio SCSI code. Signed-off-by: Eric Farman <farman@xxxxxxxxxxxxxxxxxx> Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxxxxxxx> Reviewed-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx> Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx> --- src/security/security_apparmor.c | 5 +++-- src/security/security_dac.c | 10 ++++++---- src/security/security_selinux.c | 10 ++++++---- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index af2b639..e3fcc58 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -842,10 +842,11 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, return 0; /* Like AppArmorRestoreSecurityImageLabel() for a networked disk, - * do nothing for an iSCSI hostdev + * do nothing for an iSCSI or vhost-scsi hostdev */ if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI && - scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI || + scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_VHOST)) return 0; if (profile_loaded(secdef->imagelabel) < 0) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 442ce70..75b5819 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -601,10 +601,11 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, return 0; /* Like virSecurityDACSetImageLabel() for a networked disk, - * do nothing for an iSCSI hostdev + * do nothing for an iSCSI or vhost-scsi hostdev */ if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI && - scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI || + scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_VHOST)) return 0; cbdata.manager = mgr; @@ -742,10 +743,11 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, return 0; /* Like virSecurityDACRestoreImageLabelInt() for a networked disk, - * do nothing for an iSCSI hostdev + * do nothing for an iSCSI or vhost-scsi hostdev */ if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI && - scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI || + scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_VHOST)) return 0; switch ((virDomainHostdevSubsysType) dev->source.subsys.type) { diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 4be946d..8632d0f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1430,10 +1430,11 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr, int ret = -1; /* Like virSecuritySELinuxSetImageLabelInternal() for a networked - * disk, do nothing for an iSCSI hostdev + * disk, do nothing for an iSCSI or vhost-scsi hostdev */ if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI && - scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI || + scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_VHOST)) return 0; switch (dev->source.subsys.type) { @@ -1634,10 +1635,11 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr, int ret = -1; /* Like virSecuritySELinuxRestoreImageLabelInt() for a networked - * disk, do nothing for an iSCSI hostdev + * disk, do nothing for an iSCSI or vhost-scsi hostdev */ if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI && - scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI || + scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_VHOST)) return 0; switch (dev->source.subsys.type) { -- 1.9.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list