$SUBJ s/dac/selinux On 09/10/2018 05:36 AM, Michal Privoznik wrote: > Lock all the paths we want to relabel to mutually exclude other > libvirt daemons. > > The only culprit here hitch here is that directories can't be Where have I seen this before? > locked. Therefore, when relabeling a directory do not lock it > (this happens only when setting up some domain private paths > anyway, e.g. huge pages directory). > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/security/security_selinux.c | 43 +++++++++++++++++++++++++++++++++++------ > 1 file changed, 37 insertions(+), 6 deletions(-) > I shall say "similar comments to my DAC review" (ref/unref, more comments in TransactionRun, and if you want use rv = *SetFilecon* and if (rv < 0) break... And, then you can apply the Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx> John -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
