[PATCH v2 06/13] security: selinux: handle qcow2 data-file on image label set/restore

Nikolai Barybin via Devel <devel@xxxxxxxxxxxxxxxxx> · Sat, 7 Sep 2024 17:15:27 +0300

Signed-off-by: Nikolai Barybin <nikolai.barybin@xxxxxxxxxxxxx>
---
 src/security/security_selinux.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 31df4d22db..6d0611fe50 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1871,7 +1871,12 @@ virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr,
                                     virStorageSource *src,
                                     virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
 {
-    return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
+    int rc = virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
+
+    if (rc == 0 && src->dataFileStore)
+        rc = virSecuritySELinuxRestoreImageLabelInt(mgr, def, src->dataFileStore, false);
+
+    return rc;
 }
 
 
@@ -1996,6 +2001,10 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
         if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, isChainTop) < 0)
             return -1;
 
+        if (n->dataFileStore &&
+            virSecuritySELinuxSetImageLabelInternal(mgr, def, n->dataFileStore, parent, isChainTop) < 0)
+            return -1;
+
         if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
             break;
 
@@ -2843,9 +2852,12 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
 
     for (i = 0; i < def->ndisks; i++) {
         virDomainDiskDef *disk = def->disks[i];
-
-        if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
-                                                   migrated) < 0)
+        int ret = virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
+                                                         migrated);
+        if (ret == 0 && disk->src->dataFileStore)
+            ret = virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src->dataFileStore,
+                                                         migrated);
+        if (ret < 0)
             rc = -1;
     }
 
-- 
2.43.5






