mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
security: Do not restore kernel and initrd labels
Kernel/initrd files are essentially read-only shareable images and thus
should be handled in the same way. We already use the appropriate label
for kernel/initrd files when starting a domain, but when a domain gets
destroyed we would remove the labels which would make other running
domains using the same files very unhappy.
https://bugzilla.redhat.com/show_bug.cgi?id=921135
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 68acc701bd
)
This commit is contained in:
parent
40df40f35a
commit
74909e9648
@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||
virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.kernel &&
|
||||
virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.initrd &&
|
||||
virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.dtb &&
|
||||
virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
|
||||
rc = -1;
|
||||
|
@ -1978,14 +1978,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.kernel &&
|
||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.initrd &&
|
||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (def->os.dtb &&
|
||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
|
||||
rc = -1;
|
||||
|
Loading…
Reference in New Issue
Block a user