mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 22:25:25 +00:00
security: don't try to label network disks
Network disks don't have paths to be resolved or files to be checked
for ownership. ee3efc41e6
checked this
for some image label functions, but was partially reverted in a
refactor. This finishes adding the check to each security driver's
set and restore label methods for images.
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
This commit is contained in:
parent
4d9e51f633
commit
20e1233c31
@ -606,6 +606,9 @@ AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
|
||||
{
|
||||
if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
|
||||
return 0;
|
||||
|
||||
return reload_profile(mgr, vm, NULL, false);
|
||||
}
|
||||
|
||||
|
@ -180,6 +180,9 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
||||
if (!priv->dynamicOwnership)
|
||||
return 0;
|
||||
|
||||
if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
|
||||
return 0;
|
||||
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
virSecurityManagerGetAllowDiskFormatProbing(mgr),
|
||||
false,
|
||||
@ -199,6 +202,9 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
|
||||
if (!priv->dynamicOwnership)
|
||||
return 0;
|
||||
|
||||
if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
|
||||
return 0;
|
||||
|
||||
/* Don't restore labels on readoly/shared disks, because
|
||||
* other VMs may still be accessing these
|
||||
* Alternatively we could iterate over all running
|
||||
|
@ -636,6 +636,9 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
||||
if (secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
|
||||
return 0;
|
||||
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
allowDiskFormatProbing,
|
||||
true,
|
||||
|
Loading…
Reference in New Issue
Block a user