This is meant for next release to have the most time possible for testing. Some of the patches were ACKed in v3 already but since they don't make sense on their own I haven't pushed them. v4 of: https://www.redhat.com/archives/libvir-list/2019-March/msg01948.html As usual, you can find (not only these) patches on my github: https://github.com/zippy2/libvirt branch xattr_fixes_v4 diff to v3: - Some new patches (qemusecuritytest and qemusecuritymock) - Some other fixes raised by Cole in review of v3 (like double error reporting and others) - Remembering is done only for paths that cannot be shared between domains. This renders refcounting needless because the refcounter can't ever be greater than one. Nevertheless, I'm keeping it in because in the long run I might come up with a solution to the problem of shared resources and having refcounters might help. Michal Prívozník (25): qemusecuritymock: Mock virProcessRunInFork qemusecuritymock: Fix bit arithmetic qemusecuritymock: Actually set error on failure qemusecuritymock: Introduce and use freePaths() qemusecuritytest: Drop unused variable qemusecuritytest: Use AUTOFREE/AUTOUNREF qemusecuritytest: Fix capabilities loading tools: Slightly rework libvirt_recover_xattrs.sh virSecuritySELinuxRestoreAllLabel: Print @migrated in the debug message too virfile: Make virFileGetXAttr report errors virFileSetXAttr: Report error on failure virFileRemoveXAttr: Report error on failure security: Don't skip label restore on file systems lacking XATTRs security: Document @restore member of transaction list security_dac: Allow caller to suppress owner remembering security_selinux: Allow caller to suppress owner remembering qemusecuritymock: Allow some paths to be not restored security: Don't remember owner for shared resources security: Introduce virSecurityManagerMoveImageMetadata security_util: Introduce virSecurityMoveRememberedLabel security_dac: Implement virSecurityManagerMoveImageMetadata security_selinux: Implement virSecurityManagerMoveImageMetadata qemu_security: Implement qemuSecurityMoveImageMetadata qemu: Move image security metadata on snapshot activity Revert "qemu: Temporary disable owner remembering" docs/news.xml | 13 ++ src/libvirt_private.syms | 2 + src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 + src/qemu/qemu_blockjob.c | 6 + src/qemu/qemu_conf.c | 4 + src/qemu/qemu_driver.c | 17 +- src/qemu/qemu_security.c | 19 +++ src/qemu/qemu_security.h | 5 + src/qemu/test_libvirtd_qemu.aug.in | 1 + src/security/security_dac.c | 171 +++++++++++++++---- src/security/security_driver.h | 5 + src/security/security_manager.c | 39 +++++ src/security/security_manager.h | 4 + src/security/security_nop.c | 10 ++ src/security/security_selinux.c | 263 ++++++++++++++++++++--------- src/security/security_stack.c | 20 +++ src/security/security_util.c | 73 +++++++- src/security/security_util.h | 5 + src/util/virfile.c | 78 +++++++-- src/util/virfile.h | 5 + src/util/virprocess.h | 3 +- tests/qemusecuritymock.c | 76 +++++++-- tests/qemusecuritytest.c | 146 ++++++++++------ tests/qemusecuritytest.h | 4 +- tools/libvirt_recover_xattrs.sh | 50 +++--- 26 files changed, 802 insertions(+), 223 deletions(-) -- 2.21.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
