This is v2 of: https://listman.redhat.com/archives/libvir-list/2021-August/msg00698.html When migrating using shared fs, the dst host will remember the image labels again before launching the VM and the src host will remove the image labels after migration. It leads to that the image labels lost after migration. Patch 8-10 are the real fix patches. v1 -> v2: 1. fix check of virFileIsSharedFS in patch10 (patch9 in v1) [Michal] 2. add implementation of SELinux (patch5, 7, 8) [Michal] Peng Liang (10): security: add virSecurityUpdateTimestampIfexists security: add virSecurityManagerUpdateImageLabel security: implement domainUpdateSecurityImageLabel for stack security: implement domainUpdateSecurityImageLabel for DAC security: implement domainUpdateSecurityImageLabel for SELinux qemu: add qemuSecurityUpdateImageLabel security: rename 2 functions in DAC and SELinux security: don't remember image labels when migrating with shared fs migration: don't remove image labels after migration migration: update image labels in dst after migration src/libvirt_private.syms | 1 + src/qemu/qemu_migration.c | 12 +++++++ src/qemu/qemu_process.c | 5 ++- src/qemu/qemu_security.c | 10 ++++++ src/qemu/qemu_security.h | 5 +++ src/security/security_dac.c | 58 ++++++++++++++++++++++++-------- src/security/security_driver.h | 5 +++ src/security/security_manager.c | 29 ++++++++++++++++ src/security/security_manager.h | 5 +++ src/security/security_selinux.c | 59 +++++++++++++++++++++++++-------- src/security/security_stack.c | 20 +++++++++++ src/security/security_util.c | 32 ++++++++++++++++++ src/security/security_util.h | 4 +++ 13 files changed, 218 insertions(+), 27 deletions(-) -- 2.31.1
