mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
Allow domain disk images on root-squash NFS to coexist with security driver.
(suggested by Daniel Berrange, tested by Dan Kenigsberg)

virStorageFileGetMetadata will fail for disk images that are stored on a root-squash NFS share that isn't world-readable. SELinuxSetSecurityImageLabel is called during the startup of every domain (as long as security_driver != "none"), and it will propagate the error from virStorageFileGetMetadata, causing the domain startup to fail. This is, however, a common scenario when qemu is run as a non-root user and the disk image is stored on NFS.

Ignoring this failure (which doesn't matter in this case, since the next thing done by SELinuxSetSecurityImageLabel - setting the file context - will also fail (and that function already ignores failures due to root-squash NFS)) will allow us to continue bringing up the domain. The result is that we don't need to disable the entire security driver just because a domain's disk image is stored on root-squashed NFS.
parent 78151ec96e
commit 8a7b4be5ab
@ -430,7 +430,7 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
path = NULL;
if (ret < 0)
return -1;
break;
if (meta.backingStore != NULL &&
SELinuxSetFilecon(meta.backingStore,
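Review bot: The `break` under `if (ret < 0)` is taken for every virStorageFileGetMetadata failure, not only the root-squash NFS permission case the commit message describes. Consider ignoring only the permission-denied case (if the metadata call exposes the underlying errno) and keeping `return -1` for anything else, so that an unreadable or damaged image header on local storage still stops domain startup instead of leaving the backing chain unlabelled and failing later with an SELinux denial that is harder to diagnose. If the failure has to be ignored unconditionally, log a warning naming the path before the `break`, and add a comment at that line stating why the error is dropped, since nothing in the hunk itself records the NFS rationale.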