security_dac: avoid relabeling when relabel='no'

If relabel='no' at the domain level, no need to attempt relabeling
in virSecurityDAC{Set,Restore}SecurityAllLabel().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
Jim Fehlig 2014-05-15 16:38:01 -06:00
parent 3de7e4ec5e
commit 9369a56244

View File

@ -823,12 +823,14 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
int migrated)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr secdef;
size_t i;
int rc = 0;
if (!priv->dynamicOwnership)
return 0;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
return 0;
VIR_DEBUG("Restoring security label on %s migrated=%d",
def->name, migrated);
@ -898,11 +900,11 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
uid_t user;
gid_t group;
if (!priv->dynamicOwnership)
return 0;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
return 0;
for (i = 0; i < def->ndisks; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)