On 01/25/2011 12:48 PM, Daniel P. Berrange wrote:
On Tue, Jan 25, 2011 at 04:24:18AM -0500, Laine Stump wrote:
A need was found to set the SELinux context label on an open fd (a
pipe, as a matter of fact). This patch adds a function to the security
driver API that will set the label on an open fd to secdef.label. For
all drivers other than the SELinux driver, it's a NOP. For the SElinux
driver, it calls fsetfilecon().
If the return is a failure, it only returns error up to the caller if
1) the desired label is different from the existing label, 2) the
destination fd is of a type that supports setting the selinux context,
and 3) selinux is in enforcing mode. Otherwise it will return
success. This follows the pattern of the existing function
SELinuxSetFilecon().
ACK
Thanks. I'll hold off on pushing this just in case the discussion on
PATCH 2/3 leads to a change requirement in this one.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list