External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-01 17:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: selinux: Label externalDataStore

Browse Source 
We mirror the labeling strategy that was used for its top image

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This commit is contained in:
Cole Robinson 2019-10-07 16:20:16 -04:00
parent dbdf150b45
commit 36138eaecf
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/security/security_selinux.c
View File

@ -1846,7 +1846,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
virSecurityDeviceLabelDefPtr parent_seclabel = NULL; virSecurityDeviceLabelDefPtr parent_seclabel = NULL;
char *use_label = NULL; char *use_label = NULL;
bool remember; bool remember;
bool is_toplevel = parent == src; bool is_toplevel = parent == src || parent->externalDataStore == src;
int ret; int ret;
if (!src->path || !virStorageSourceIsLocalStorage(src)) if (!src->path || !virStorageSourceIsLocalStorage(src))
@ -1933,6 +1933,14 @@ virSecuritySELinuxSetImageLabelRelative(virSecurityManagerPtr mgr,
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent) < 0) if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent) < 0)
return -1; return -1;
if (n->externalDataStore &&
virSecuritySELinuxSetImageLabelRelative(mgr,
def,
n->externalDataStore,
parent,
flags) < 0)
return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
break; break;
} }