diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2733fa664f..347a7a5f63 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1653,14 +1653,14 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret = virSecurityDACSetChardevLabel(mgr, def, - &tpm->data.passthrough.source, - false); + ret = virSecurityDACSetChardevLabelHelper(mgr, def, + &tpm->data.passthrough.source, + false, false); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: - ret = virSecurityDACSetChardevLabel(mgr, def, - &tpm->data.emulator.source, - false); + ret = virSecurityDACSetChardevLabelHelper(mgr, def, + &tpm->data.emulator.source, + false, false); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1679,9 +1679,9 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret = virSecurityDACRestoreChardevLabel(mgr, def, - &tpm->data.passthrough.source, - false); + ret = virSecurityDACRestoreChardevLabelHelper(mgr, def, + &tpm->data.passthrough.source, + false, false); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: /* swtpm will have removed the Unix socket upon termination */ diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index e3be724a2b..0486bdd6b6 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1682,14 +1682,14 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev = tpm->data.passthrough.source.data.file.path; - rc = virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagelabel, true); + rc = virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagelabel, false); if (rc < 0) return -1; if ((cancel_path = virTPMCreateCancelPath(tpmdev)) != NULL) { rc = virSecuritySELinuxSetFilecon(mgr, cancel_path, - seclabel->imagelabel, true); + seclabel->imagelabel, false); VIR_FREE(cancel_path); if (rc < 0) { virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, tpm); @@ -1701,7 +1701,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr, break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: tpmdev = tpm->data.emulator.source.data.nix.path; - rc = virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagelabel, true); + rc = virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagelabel, false); if (rc < 0) return -1; break; @@ -1730,10 +1730,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev = tpm->data.passthrough.source.data.file.path; - rc = virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, true); + rc = virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, false); if ((cancel_path = virTPMCreateCancelPath(tpmdev)) != NULL) { - if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, true) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, false) < 0) rc = -1; VIR_FREE(cancel_path); }