On 08/16/2012 12:10 AM, Marcelo Cerri wrote:
> - if (!def->seclabels[0]->norelabel) {
> - def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext(
> - data->file_context, mcs);
> - if (!def->seclabels[0]->imagelabel) {
> + if (!seclabel->norelabel) {
> + seclabel->imagelabel = virSecuritySELinuxGenNewContext(
> + data->domain_context, mcs);
> + if (!seclabel->imagelabel) {
> virReportError(VIR_ERR_INTERNAL_ERROR,
> _("cannot generate selinux context for %s"), mcs);
> goto cleanup;
> }
> }
>
> - if (!def->seclabels[0]->model &&
> - !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) {
> + if (!seclabel->model &&
> + !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) {
> virReportOOMError();
> goto cleanup;
> }
the patch breaks the object labelling again ... please apply the following patch to fix, thanks!
Image context must always use data->file_context.
Signed-off-by: Viktor Mihajlovski <mihajlov@xxxxxxxxxxxxxxxxxx>
---
src/security/security_selinux.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index eea8fbd..da2a9c4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -450,9 +450,10 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
if (!seclabel->norelabel) {
- seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->domain_context,
- mcs,
- true);
+ seclabel->imagelabel =
+ virSecuritySELinuxGenNewContext(data->file_context,
+ mcs,
+ true);
if (!seclabel->imagelabel) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
--
1.7.0.4
--
Mit freundlichen Grüßen/Kind Regards
Viktor Mihajlovski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list