Re: [PATCHv2 2/2] security_dac: Honor norelabel attribute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ján Tomko wrote:
> On 04/04/2014 02:34 PM, Michal Privoznik wrote:
>   
[...]
>>  src/security/security_dac.c | 92 +++++++++++++++++++++++++++++++++++----------
>>  1 file changed, 73 insertions(+), 19 deletions(-)
>>
>> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
>> index 8835d49..f15a0e9 100644
>> --- a/src/security/security_dac.c
>> +++ b/src/security/security_dac.c
>> @@ -286,7 +286,7 @@ virSecurityDACRestoreSecurityFileLabel(const char *path)
>>  
>>  
>>  static int
>> -virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
>> +virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk,
>>                                     const char *path,
>>                                     size_t depth ATTRIBUTE_UNUSED,
>>                                     void *opaque)
>> @@ -295,11 +295,23 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
>>      virSecurityManagerPtr mgr = cbdata->manager;
>>      virSecurityLabelDefPtr secdef = cbdata->secdef;
>>      virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
>> +    virSecurityDeviceLabelDefPtr disk_seclabel;
>>      uid_t user;
>>      gid_t group;
>>  
>> -    if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0)
>> -        return -1;
>> +    disk_seclabel = virDomainDiskDefGetSecurityLabelDef(disk,
>> +                                                        SECURITY_DAC_NAME);
>> +
>> +    if (disk_seclabel && disk_seclabel->norelabel)
>> +        return 0;
>>     
>
> What if the domain label has relabel='no', but the disk label has relabel='yes'?
>   

Seems that configuration is not valid.  When trying it, I get

error: XML error: label overrides require relabeling to be enabled at
the domain level

Regards,
Jim

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]