If relabel='no' at the domain level, no need to attempt relabeling
in virSecurityDAC{Set,Restore}SecurityAllLabel().
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
src/security/security_dac.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 2928c1d..f46b642 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -823,12 +823,14 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
int migrated)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr secdef;
size_t i;
int rc = 0;
- if (!priv->dynamicOwnership)
- return 0;
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
+ return 0;
VIR_DEBUG("Restoring security label on %s migrated=%d",
def->name, migrated);
@@ -898,11 +900,11 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
uid_t user;
gid_t group;
- if (!priv->dynamicOwnership)
- return 0;
-
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
+ return 0;
+
for (i = 0; i < def->ndisks; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
--
1.8.1.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list