mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
security_dac: avoid relabeling when relabel='no'
If relabel='no' at the domain level, no need to attempt relabeling in virSecurityDAC{Set,Restore}SecurityAllLabel(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
parent
3de7e4ec5e
commit
9369a56244
@ -823,12 +823,14 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
int migrated)
|
int migrated)
|
||||||
{
|
{
|
||||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
virSecurityLabelDefPtr secdef;
|
||||||
size_t i;
|
size_t i;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (!priv->dynamicOwnership)
|
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||||
return 0;
|
|
||||||
|
|
||||||
|
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
|
||||||
|
return 0;
|
||||||
|
|
||||||
VIR_DEBUG("Restoring security label on %s migrated=%d",
|
VIR_DEBUG("Restoring security label on %s migrated=%d",
|
||||||
def->name, migrated);
|
def->name, migrated);
|
||||||
@ -898,11 +900,11 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
uid_t user;
|
uid_t user;
|
||||||
gid_t group;
|
gid_t group;
|
||||||
|
|
||||||
if (!priv->dynamicOwnership)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||||
|
|
||||||
|
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
|
||||||
|
return 0;
|
||||||
|
|
||||||
for (i = 0; i < def->ndisks; i++) {
|
for (i = 0; i < def->ndisks; i++) {
|
||||||
/* XXX fixme - we need to recursively label the entire tree :-( */
|
/* XXX fixme - we need to recursively label the entire tree :-( */
|
||||||
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
|
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
|
||||||
|
Loading…
Reference in New Issue
Block a user