[RFC] security_dac: don't chown iso file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

isos are read-only, so libvirt doesn't need to chown them.  In one of
our testing setups, libvirt uses mirrorred isos.  Since libvirt chowns
the files, (and especially does not chown them back) the mirror refuses
to update the iso.

This patch prevents libvirt from chowning files.

Does this seem reasonable?

Signed-off-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
---
 src/security/security_dac.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index af02236..e7db324 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -555,6 +555,8 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
         /* XXX fixme - we need to recursively label the entire tree :-( */
         if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
             continue;
+	if (vm->def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM)
+	    continue;
         if (virSecurityDACSetSecurityImageLabel(mgr,
                                                 vm,
                                                 vm->def->disks[i]) < 0)
-- 
1.7.5.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]