Ján Tomko wrote: > On 04/04/2014 02:34 PM, Michal Privoznik wrote: > [...] >> src/security/security_dac.c | 92 +++++++++++++++++++++++++++++++++++---------- >> 1 file changed, 73 insertions(+), 19 deletions(-) >> >> diff --git a/src/security/security_dac.c b/src/security/security_dac.c >> index 8835d49..f15a0e9 100644 >> --- a/src/security/security_dac.c >> +++ b/src/security/security_dac.c >> @@ -286,7 +286,7 @@ virSecurityDACRestoreSecurityFileLabel(const char *path) >> >> >> static int >> -virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, >> +virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, >> const char *path, >> size_t depth ATTRIBUTE_UNUSED, >> void *opaque) >> @@ -295,11 +295,23 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, >> virSecurityManagerPtr mgr = cbdata->manager; >> virSecurityLabelDefPtr secdef = cbdata->secdef; >> virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); >> + virSecurityDeviceLabelDefPtr disk_seclabel; >> uid_t user; >> gid_t group; >> >> - if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) >> - return -1; >> + disk_seclabel = virDomainDiskDefGetSecurityLabelDef(disk, >> + SECURITY_DAC_NAME); >> + >> + if (disk_seclabel && disk_seclabel->norelabel) >> + return 0; >> > > What if the domain label has relabel='no', but the disk label has relabel='yes'? > Seems that configuration is not valid. When trying it, I get error: XML error: label overrides require relabeling to be enabled at the domain level Regards, Jim -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list