On Fri, Mar 12, 2010 at 02:01:44PM -0500, Cole Robinson wrote:
> Fixes URL installs when running virt-install as root on Fedora.
>
> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
> ---
> src/qemu/qemu_security_dac.c | 21 +++++++++++++++++++++
> src/security/security_selinux.c | 16 ++++++++++++++++
> 2 files changed, 37 insertions(+), 0 deletions(-)
>
> diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
> index 6911f48..1883fbe 100644
> --- a/src/qemu/qemu_security_dac.c
> +++ b/src/qemu/qemu_security_dac.c
> @@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
> vm->def->disks[i]) < 0)
> rc = -1;
> }
> +
> + if (vm->def->os.kernel &&
> + qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
> + rc = -1;
> +
> + if (vm->def->os.initrd &&
> + qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
> + rc = -1;
> +
> return rc;
> }
>
> @@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
> return -1;
> }
>
> + if (vm->def->os.kernel &&
> + qemuSecurityDACSetOwnership(vm->def->os.kernel,
> + driver->user,
> + driver->group) < 0)
> + return -1;
> +
> + if (vm->def->os.initrd &&
> + qemuSecurityDACSetOwnership(vm->def->os.initrd,
> + driver->user,
> + driver->group) < 0)
> + return -1;
> +
> return 0;
> }
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index b2c8581..975b315 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
> rc = -1;
> }
>
> + if (vm->def->os.kernel &&
> + SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
> + rc = -1;
> +
> + if (vm->def->os.initrd &&
> + SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
> + rc = -1;
> +
> return rc;
> }
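Review bot: The kernel and initrd restore added to qemuSecurityDACRestoreSecurityAllLabel runs for every domain that stops, with no check for whether another domain references the same image or what owner the file had before it was changed; the matching additions in SELinuxRestoreSecurityAllLabel in security_selinux.c have the same shape. Which owner or label the restore helpers put back is not visible in this patch, so the effect on a shared or user-owned image depends on that. I would record the assumption next to the new code, for example `/* kernel/initrd are assumed private to this domain; restore does not check for other users of the path */`, or skip the restore when the path is known to be shared. The function body starts above the hunk.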
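Review bot: In qemuSecurityDACSetSecurityAllLabel the new calls give `vm->def->os.kernel` and `vm->def->os.initrd` to `driver->user`/`driver->group` without any check on what the path refers to, and those strings come from the domain definition. Whether qemuSecurityDACSetOwnership follows symlinks or rejects non-regular files is not visible here, so a path inside a directory writable by a less-privileged account could lead the daemon to change ownership of a file nobody intended. QEMU only needs to read these images, so a comment stating the trust assumption, such as `/* path is taken from the domain XML as-is; the definer is trusted to name a regular file */`, or a check inside the helper would make the boundary explicit. The early `return -1` on the initrd also leaves the kernel, and any disks handled above the hunk, already re-owned, which presumably relies on the caller running the restore path.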
>
> @@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
> return -1;
> }
>
> + if (vm->def->os.kernel &&
> + SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
> + return -1;
> +
> + if (vm->def->os.initrd &&
> + SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
> + return -1;
> +
> return 0;
> }
>
ACK NB, the restore step will almost certainly fail in the common case of virt-manager/virt-install since the files are unlinked. We treat restore as non-fatal though, so shouldn't cause any serious problems Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
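Review bot: SELinuxSetSecurityAllLabel labels the kernel and initrd with `default_content_context`, and nothing in the new code says why the shared content label is used rather than a per-domain one. If that context is the read-only label common to all guests (its definition is outside this hunk), every confined QEMU process can read every other domain's initrd, which matters when an initrd carries install-time secrets. Read-only access is the right choice for boot images, so I would keep the calls and add `/* kernel/initrd get the shared read-only content label: guests must not write them, and they are readable by all confined domains */` above the two new checks. The function body starts above the hunk.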