[PATCH v2 11/17] security: DAC: Don't relabel FD-passed virStorageSource images

DAC security label is irrelevant once you have the FD. Disable all
labelling for such images.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
Reviewed-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
 src/security/security_dac.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 917fcf76a3..4036a2c27a 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -881,6 +881,10 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
     if (!priv->dynamicOwnership)
         return 0;

+    /* Images passed via FD don't need DAC seclabel change */
+    if (virStorageSourceIsFD(src))
+        return 0;
+
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
     if (secdef && !secdef->relabel)
         return 0;
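
Review bot: The comment above the new virStorageSourceIsFD(src) check in virSecurityDACSetImageLabelInternal says that no DAC seclabel change is needed, but not why. The commit message carries the reason (the label is irrelevant once the FD is held), and folding that into the comment would save the next reader a trip to the log. The check also sits before the secdef->relabel test, so FD-passed images are skipped regardless of the domain's relabel setting; if that is intended, the comment could say so.
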
@@ -992,6 +996,10 @@ virSecurityDACRestoreImageLabelSingle(virSecurityManager *mgr,
     if (src->readonly || src->shared)
         return 0;

+    /* Images passed via FD don't need DAC seclabel change */
+    if (virStorageSourceIsFD(src))
+        return 0;
+
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
     if (secdef && !secdef->relabel)
         return 0;
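
Review bot: The comment added in virSecurityDACRestoreImageLabelSingle is copied from the set path and still reads "don't need DAC seclabel change", although this return guards a restore. Wording along the lines of "were never relabelled, so there is nothing to restore" would describe what the early return does here and make the pairing with the set-side check explicit.
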
@@ -1112,10 +1120,14 @@ virSecurityDACMoveImageMetadata(virSecurityManager *mgr,
     if (!priv->dynamicOwnership)
         return 0;

-    if (src && virStorageSourceIsLocalStorage(src))
+    if (src &&
+        virStorageSourceIsLocalStorage(src) &&
+        !virStorageSourceIsFD(src))
         data.src = src->path;

-    if (dst && virStorageSourceIsLocalStorage(dst))
+    if (dst &&
+        virStorageSourceIsLocalStorage(dst) &&
+        !virStorageSourceIsFD(dst))
         data.dst = dst->path;

     if (!data.src)
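
Review bot: The two new !virStorageSourceIsFD() conditions in virSecurityDACMoveImageMetadata leave a mixed case that the visible lines do not cover: with a local src and an FD-passed dst, data.src is assigned and data.dst is not, while the following "if (!data.src)" check only handles the opposite situation. Please confirm that the code after it does the intended thing when data.dst is not assigned for this reason. These conditions also carry no comment, unlike the checks in the other two hunks; a one-line note on why FD-passed sources are excluded would keep the three places consistent.
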
-- 
2.38.1



