External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 21:47:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

selinux: Always generate imagelabel

Browse Source 
The imagelabel SELinux label was only generated when relabeling was
enabled. This prohibited labeling of files created by libvirt that need
to be labeled even if relabeling is turned off.

The only codepath this change has direct impact on is labeling of FDs
passed to qemu which is always safe in current state.
This commit is contained in:
Peter Krempa 2013-07-02 18:34:58 +02:00
parent e45ee23c59
commit 2ce63c1611
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/security/security_selinux.c
View File

@ -687,13 +687,12 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
goto cleanup;
}
if (!seclabel->norelabel) {
seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->file_context,
mcs,
true);
if (!seclabel->imagelabel)
goto cleanup;
}
/* always generate a image label, needed to label new objects */
seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->file_context,
mcs,
true);
if (!seclabel->imagelabel)
goto cleanup;
if (!seclabel->model &&
VIR_STRDUP(seclabel->model, SECURITY_SELINUX_NAME) < 0)