mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
security: selinux: Pass parent storage source into image labeling helper
virSecuritySELinuxSetImageLabelInternal assigns different labels to backing chain members than to the parent image. This was done via the 'first' flag. Convert it to passing in pointer to the parent virStorageSource. This will allow us to use the parent virStorageSource in further changes.
This commit is contained in:
parent
b4daf6af9a
commit
023da7ddbd
@ -1592,7 +1592,7 @@ static int
|
|||||||
virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virStorageSourcePtr src,
|
virStorageSourcePtr src,
|
||||||
bool first)
|
virStorageSourcePtr parent)
|
||||||
{
|
{
|
||||||
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
@ -1614,7 +1614,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
|
if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
|
||||||
ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label);
|
ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label);
|
||||||
} else if (first) {
|
} else if (!parent || parent == src) {
|
||||||
if (src->shared) {
|
if (src->shared) {
|
||||||
ret = virSecuritySELinuxSetFileconOptional(mgr,
|
ret = virSecuritySELinuxSetFileconOptional(mgr,
|
||||||
src->path,
|
src->path,
|
||||||
@ -1660,7 +1660,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virStorageSourcePtr src)
|
virStorageSourcePtr src)
|
||||||
{
|
{
|
||||||
return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true);
|
return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1670,14 +1670,11 @@ virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
|
||||||
{
|
{
|
||||||
bool first = true;
|
|
||||||
virStorageSourcePtr next;
|
virStorageSourcePtr next;
|
||||||
|
|
||||||
for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
|
for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
|
||||||
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first) < 0)
|
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->src) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
first = false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user