Static labelling has the relabel set to no by default and restore of a saved
image file fails when the selinux context is static. This is because the saved
file doesnt have the context set during the saving.
The libvirt has to set the conext of save image file to that of the guest
during save. The fix applies to both managedsave and save codepath.
The managedsave works as is without the fix as well since the files are saved
in the directory having viable default context.
Signed-off-by: Shivaprasad G Bhat <shivaprasadbhat@xxxxxxxxx>
---
src/qemu/qemu_driver.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3a7622a..e4390ee 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2966,6 +2966,9 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
if (fd < 0)
goto cleanup;
+ if (asyncJob == QEMU_ASYNC_JOB_SAVE)
+ virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd);
+
if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags)))
goto cleanup;
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list