Re: [PATCHv3 05/26] security: manager: Document behavior of disk label manipulation funcs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/25/2014 10:54 AM, Peter Krempa wrote:
> virSecurityManagerSetDiskLabel and virSecurityManagerRestoreDiskLabel
> don't have complementary semantics. Document the semantics to avoid
> possible problems.
> ---
>  src/security/security_manager.c | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index bb12e8e..06e5123 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -331,6 +331,17 @@ virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr)
>  }
> 
> 
> +/**
> + * virSecurityManagerRestoreDiskLabel:
> + * @mgr: security manager object
> + * @vm: domain definition object
> + * @disk: disk definition to operate on
> + *
> + * Removes security label from the source image of the disk. Note that this
> + * function doesn't restore labels on backing chain elements of @disk.

which probably ought to be considered a bug, and something that we might
change in the future - but accurate documentation of what it does now.
Restoring labels on backing chains is tricky - we need to start keeping
a reference count of all places that are using a backing file (as it can
be in use by more than one chain, even by more than one domain), and
really the label restore ought to be part of releasing the last use of a
storage volume after all domains are done sharing the same backing file.
 The disk lease manager may be helpful, as backing files are shared
(readonly) leases.

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]