mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
security_dac: avoid relabeling hostdevs when relabel='no'
When relabel='no' at the domain level, there is no need to call the hostdev relabeling functions. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
parent
3c2487ab0a
commit
bb917a90b1
@ -485,6 +485,9 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
cbdata.manager = mgr;
|
cbdata.manager = mgr;
|
||||||
cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||||
|
|
||||||
|
if (cbdata.secdef && cbdata.secdef->norelabel)
|
||||||
|
return 0;
|
||||||
|
|
||||||
switch ((enum virDomainHostdevSubsysType) dev->source.subsys.type) {
|
switch ((enum virDomainHostdevSubsysType) dev->source.subsys.type) {
|
||||||
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
||||||
virUSBDevicePtr usb;
|
virUSBDevicePtr usb;
|
||||||
@ -601,9 +604,12 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
{
|
{
|
||||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
virSecurityLabelDefPtr secdef;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
if (!priv->dynamicOwnership)
|
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||||
|
|
||||||
|
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
||||||
|
Loading…
Reference in New Issue
Block a user