From: "Richard W.M. Jones" <rjones@xxxxxxxxxx>
libvirt skips labelling these, for unknown reasons. This breaks
libguestfs. Adding this and some SELinux rules (RHBZ#857453) fixes
everything for me.
---
src/security/security_selinux.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a7e2420..4214105 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1233,6 +1233,14 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
break;
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
@@ -1284,6 +1292,15 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done;
ret = 0;
break;
+
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
(virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
--
1.7.10.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list