When relabel='no' at the domain level, there is no need to call
the hostdev relabeling functions.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
src/security/security_dac.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index d6ca303..4434cd0 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -485,6 +485,9 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
cbdata.manager = mgr;
cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (cbdata.secdef && cbdata.secdef->norelabel)
+ return 0;
+
switch ((enum virDomainHostdevSubsysType) dev->source.subsys.type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
virUSBDevicePtr usb;
@@ -601,10 +604,13 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr secdef;
int ret = -1;
- if (!priv->dynamicOwnership)
- return 0;
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+
+ if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
+ return 0;
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
return 0;
--
1.8.1.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list