Re: [PATCH 09/15] security: selinux: handle qcow2 data-file on image label set/restore

On Wed, Nov 20, 2024 at 18:48:44 +0300, Nikolai Barybin via Devel wrote:
> Signed-off-by: Nikolai Barybin <nikolai.barybin@xxxxxxxxxxxxx>
> ---
>  src/security/security_selinux.c | 27 +++++++++++++++++++++++++--
>  1 file changed, 25 insertions(+), 2 deletions(-)

[...]

> @@ -2067,6 +2075,14 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
>                                                      isChainTop) < 0)
>              return -1;
>  
> +        /* Unlike backing images, data files are not designed to be shared by
> +         * anyone. Thus, we always consider them as chain top. */
> +        if (n->dataFileStore &&
> +            virSecuritySELinuxSetImageLabelInternal(mgr, sharedFilesystems,
> +                                                    def, n->dataFileStore, parent,
> +                                                    true) < 0)
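
Review bot: the added call hard-codes `true` where the preceding call passes `isChainTop`, and the new comment explains only that argument; `parent` is forwarded unchanged with no word on what it means when the source being labelled is `n->dataFileStore` rather than `n`. Extend the comment to say how the data file relates to `parent`, or pass the value that makes the relationship explicit, so the label chosen for the data file does not depend on an unstated assumption. The commit message also carries only a Signed-off-by line; a sentence on why data files are labelled alongside the image would help.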

Inside this function there's code which picks which label gets applied;
the code applies RW labels if the active element is equal to 'parent'.

This needs to be extended to also consider 'parent->dataFileStore' so
that the data-file images are labelled RW.
