On Fri, Sep 25, 2009 at 05:47:35PM -0500, Jamie Strandboge wrote: > On Fri, 25 Sep 2009, Jamie Strandboge wrote: > > > [PATCH 1] > > patch_1_reenable-nonfile-labels.patch (Updated based on prior feedback): > > When James Morris originally submitted his sVirt patches (as seen in > > libvirt 0.6.1), he did not require on disk labelling for > > virSecurityDomainRestoreImageLabel. A later commit[2] changed this > > behavior to assume on disk labelling, which halts implementations for > > path-based MAC systems such as AppArmor and TOMOYO where > > vm->def->seclabel is required to obtain the label. This patch simply > > adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel. > > -- > Jamie Strandboge | http://www.canonical.com > diff -Naurp libvirt.orig/src/qemu/qemu_driver.c libvirt/src/qemu/qemu_driver.c > --- libvirt.orig/src/qemu/qemu_driver.c 2009-09-25 10:50:21.000000000 -0500 > +++ libvirt/src/qemu/qemu_driver.c 2009-09-25 16:56:32.000000000 -0500 > @@ -6309,7 +6309,7 @@ static int qemudDomainDetachDevice(virDo > dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) { > ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev); > if (driver->securityDriver) > - driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk); > + driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk); > if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0) > VIR_WARN0("Fail to restore disk device ownership"); > } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { > diff -Naurp libvirt.orig/src/security/security_driver.h libvirt/src/security/security_driver.h > --- libvirt.orig/src/security/security_driver.h 2009-09-22 12:51:57.000000000 -0500 > +++ libvirt/src/security/security_driver.h 2009-09-25 16:56:32.000000000 -0500 
> @@ -32,6 +32,7 @@ typedef virSecurityDriverStatus (*virSec > typedef int (*virSecurityDriverOpen) (virConnectPtr conn, > virSecurityDriverPtr drv); > typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn, > + virDomainObjPtr vm, > virDomainDiskDefPtr disk); > typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn, > virDomainObjPtr vm, > diff -Naurp libvirt.orig/src/security/security_selinux.c libvirt/src/security/security_selinux.c > --- libvirt.orig/src/security/security_selinux.c 2009-09-22 12:51:57.000000000 -0500 > +++ libvirt/src/security/security_selinux.c 2009-09-25 16:56:32.000000000 -0500 > @@ -377,6 +377,7 @@ err: > > static int > SELinuxRestoreSecurityImageLabel(virConnectPtr conn, > + virDomainObjPtr vm ATTRIBUTE_UNUSED, > virDomainDiskDefPtr disk) > { > /* Don't restore labels on readoly/shared disks, because > @@ -581,7 +582,8 @@ SELinuxRestoreSecurityLabel(virConnectPt > rc = -1; > } > for (i = 0 ; i < vm->def->ndisks ; i++) { > - if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0) > + if (SELinuxRestoreSecurityImageLabel(conn, vm, > + vm->def->disks[i]) < 0) > rc = -1; > } > VIR_FREE(secdef->model); ACK Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
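Review bot: In the qemu_driver.c hunk at @@ -6309, the return value of domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk) is still discarded, while the qemuDomainSetDeviceOwnership call on the very next line is checked with < 0 and reported through VIR_WARN0. With vm now passed so that path-based drivers can act on vm->def->seclabel, a failed restore during disk detach goes unreported. Suggest testing the result for < 0 and logging a VIR_WARN0 in the same way as the ownership restore.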
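Review bot: In the security_driver.h hunk at @@ -32, the virSecurityDomainRestoreImageLabel typedef gains virDomainObjPtr vm with no comment describing its contract. Suggest documenting that vm is supplied so a driver can read vm->def->seclabel, and stating whether a caller may pass NULL: the SELinux implementation marks the argument ATTRIBUTE_UNUSED, but the path-based drivers named in the description will dereference it. Since this changes the callback signature, every driver that assigns this pointer has to be converted in the same commit. Only security_selinux.c is converted in the visible diff, so it is worth confirming that no other implementation in the tree is left with the old two-argument form.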