DAC security label is irrelevant once you have the FD. Disable all
labelling for such images.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
Reviewed-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
src/security/security_dac.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 917fcf76a3..4036a2c27a 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -881,6 +881,10 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
if (!priv->dynamicOwnership)
return 0;
+ /* Images passed via FD don't need DAC seclabel change */
+ if (virStorageSourceIsFD(src))
+ return 0;
+
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (secdef && !secdef->relabel)
return 0;
@@ -992,6 +996,10 @@ virSecurityDACRestoreImageLabelSingle(virSecurityManager *mgr,
if (src->readonly || src->shared)
return 0;
+ /* Images passed via FD don't need DAC seclabel change */
+ if (virStorageSourceIsFD(src))
+ return 0;
+
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (secdef && !secdef->relabel)
return 0;
@@ -1112,10 +1120,14 @@ virSecurityDACMoveImageMetadata(virSecurityManager *mgr,
if (!priv->dynamicOwnership)
return 0;
- if (src && virStorageSourceIsLocalStorage(src))
+ if (src &&
+ virStorageSourceIsLocalStorage(src) &&
+ !virStorageSourceIsFD(src))
data.src = src->path;
- if (dst && virStorageSourceIsLocalStorage(dst))
+ if (dst &&
+ virStorageSourceIsLocalStorage(dst) &&
+ !virStorageSourceIsFD(dst))
data.dst = dst->path;
if (!data.src)
--
2.38.1
