On Wed, Oct 02, 2024 at 17:41:45 +0200, Andrea Bolognani wrote: > In the case of outgoing migration, we avoid restoring the > remembered labels for the TPM state directory because doing so > would risk cutting off storage access for the target node. > > Even in that case though, we should still forget (unref) the > remembered labels: if we don't, the source node will keep > thinking that the state directory is in use. > > Note that this change only affects the SELinux driver because > the DAC driver doesn't currently implement label remembering > for TPM state at all. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > src/security/security_selinux.c | 49 +++++++++++++++++++++++++++++++++ > 1 file changed, 49 insertions(+) Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
