On Thu, Apr 01, 2010 at 12:10:38PM -0400, Laine Stump wrote: > (suggested by Daniel Berrange, tested by Dan Kenigsberg) > > virStorageFileGetMetadata will fail for disk images that are stored on > a root-squash NFS share that isn't world-readable. > SELinuxSetSecurityImageLabel is called during the startup of every > domain (as long as security_driver != "none"), and it will propogate > the error from virStorageFileGetMetadata, causing the domain startup > to fail. This is, however, a common scenario when qemu is run as a > non-root user and the disk image is stored on NFS. > > Ignoring this failure (which doesn't matter in this case, since the > next thing done by SELinuxSetSecurityImageLabel - setting the file > context - will also fail (and that function already ignores failures > due to root-squash NFS) will allow us to continue bringing up the > domain. The result is that we don't need to disable the entire > security driver just because a domain's disk image is stored on > root-squashed NFS. > --- > src/security/security_selinux.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c > index 6680e2d..3e20475 100644 > --- a/src/security/security_selinux.c > +++ b/src/security/security_selinux.c > @@ -430,7 +430,7 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm, > path = NULL; > > if (ret < 0) > - return -1; > + break; > > if (meta.backingStore != NULL && > SELinuxSetFilecon(meta.backingStore, ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list