External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: DAC: handle qcow2 data-file on image label set/restore

Browse Source 
Signed-off-by: Nikolai Barybin <nikolai.barybin@virtuozzo.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Nikolai Barybin 2024-11-20 18:48:43 +03:00 committed by Peter Krempa
parent 0a3d177d9b
commit 724a4c6dc4
1 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/security/security_dac.c
View File

@ -969,6 +969,13 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr,
def, n, parent, isChainTop) < 0)
return -1;
/* Unlike backing images, data files are not designed to be shared by
* anyone. Thus, we always consider them as chain top. */
if (n->dataFileStore &&
virSecurityDACSetImageLabelInternal(mgr, sharedFilesystems, def,
n->dataFileStore, n, true) < 0)
return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
break;
@ -1065,8 +1072,16 @@ virSecurityDACRestoreImageLabel(virSecurityManager *mgr,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
{
return virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false);
if (virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false) < 0)
return -1;
if (src->dataFileStore &&
virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, src->dataFileStore, false) < 0)
return -1;
return 0;
}
@ -1946,6 +1961,14 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
def->disks[i]->src,
migrated) < 0)
rc = -1;
if (def->disks[i]->src->dataFileStore &&
virSecurityDACRestoreImageLabelInt(mgr,
sharedFilesystems,
def,
def->disks[i]->src->dataFileStore,
migrated) < 0)
rc = -1;
}
for (i = 0; i < def->ngraphics; i++) {