From b635b7a1af0e64754016d758376f382470bc11e7 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Thu, 11 Sep 2014 10:04:35 +0200 Subject: [PATCH] selinux: Properly check TAP FD label After a4431931 the TAP FDs ale labeled with image label instead of the process label. On the other hand, the commit was incomplete as a few lines above, there's still old check for the process label presence while it should be check for the image label instead. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 7064158e33..bf67fb501f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2347,7 +2347,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || !secdef->label) + if (!secdef || !secdef->imagelabel) return 0; return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);