On 08/13/2013 08:11 AM, Daniel P. Berrange wrote: > On Mon, Aug 12, 2013 at 10:19:47PM -0600, Eric Blake wrote: >> https://bugzilla.redhat.com/show_bug.cgi?id=924153 >> >> Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with >> an attribute relabel='no' in order to try and minimize the >> impact of shutdown delays when an NFS server disappears. The idea >> was that if a disk is on NFS and can't be labeled in the first >> place, there is no need to attempt the (no-op) relabel on domain >> shutdown. Unfortunately, the way this was implemented was by >> modifying the domain XML so that the optimization would survive >> libvirtd restart, but in a way that is indistinguishable from an >> explicit user setting. Furthermore, once the setting is turned >> on, libvirt avoids attempts at labeling, even for operations like >> snapshot or blockcopy where the chain is being extended or pivoted >> onto non-NFS, where SELinux labeling is once again possible. As >> a result, it was impossible to do a blockcopy to pivot from an >> NFS image file onto a local file. >> > > The changes look reasonable, but I'd be alot happier if the > securityselinuxlabeltest.c was covering this scenario. We > already have that test using an LD_PRELOAD hack to mock the > selinux APIs. It ought to be possible to extend it to return > the same errno conditions you'd see on NFS, when given certain > filenames, to allow this code to be validated. Okay, I'll work on a followup patch to do that. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list