mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 22:25:25 +00:00
security: Set permissions for kernel/initrd
Fixes URL installs when running virt-install as root on Fedora.
This commit is contained in:
parent
6d5c8a8f51
commit
3f1aa08af6
@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
|
||||
vm->def->disks[i]) < 0)
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (vm->def->os.initrd &&
|
||||
qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
|
||||
rc = -1;
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
qemuSecurityDACSetOwnership(vm->def->os.kernel,
|
||||
driver->user,
|
||||
driver->group) < 0)
|
||||
return -1;
|
||||
|
||||
if (vm->def->os.initrd &&
|
||||
qemuSecurityDACSetOwnership(vm->def->os.initrd,
|
||||
driver->user,
|
||||
driver->group) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (vm->def->os.initrd &&
|
||||
SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
|
||||
rc = -1;
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
|
||||
return -1;
|
||||
|
||||
if (vm->def->os.initrd &&
|
||||
SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user