mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-05 12:35:20 +00:00
security: selinux: Add is_toplevel to SetImageLabelInternal
This will simplify future patches and make the logic easier to follow Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
This commit is contained in:
parent
65181d419e
commit
a36d3b88d6
@ -1826,6 +1826,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
|||||||
virSecurityDeviceLabelDefPtr parent_seclabel = NULL;
|
virSecurityDeviceLabelDefPtr parent_seclabel = NULL;
|
||||||
char *use_label = NULL;
|
char *use_label = NULL;
|
||||||
bool remember;
|
bool remember;
|
||||||
|
bool is_toplevel = parent == src;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!src->path || !virStorageSourceIsLocalStorage(src))
|
if (!src->path || !virStorageSourceIsLocalStorage(src))
|
||||||
@ -1847,7 +1848,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
|||||||
* but the top layer, or read only image, or disk explicitly
|
* but the top layer, or read only image, or disk explicitly
|
||||||
* marked as shared.
|
* marked as shared.
|
||||||
*/
|
*/
|
||||||
remember = src == parent && !src->readonly && !src->shared;
|
remember = is_toplevel && !src->readonly && !src->shared;
|
||||||
|
|
||||||
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
|
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
|
||||||
SECURITY_SELINUX_NAME);
|
SECURITY_SELINUX_NAME);
|
||||||
@ -1864,7 +1865,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
use_label = parent_seclabel->label;
|
use_label = parent_seclabel->label;
|
||||||
} else if (parent == src) {
|
} else if (is_toplevel) {
|
||||||
if (src->shared) {
|
if (src->shared) {
|
||||||
use_label = data->file_context;
|
use_label = data->file_context;
|
||||||
} else if (src->readonly) {
|
} else if (src->readonly) {
|
||||||
|
Loading…
Reference in New Issue
Block a user