These APIs are are basically
virSecuritySELinuxDomainSetPathLabelRO() and
virSecuritySELinuxDomainRestorePathLabel().
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/security/security_selinux.c | 35 +++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f8c1a0a2f1..6b0581e4d9 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr,
}
+static int
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+
+ if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel)
+ return 0;
+
+ return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_context, false);
+}
+
+
+static int
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (!secdef || !secdef->relabel)
+ return 0;
+
+ return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
+}
+
+
static int
virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
@@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
+ .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
+ .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
+
.domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
--
2.26.2
