mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 15:27:47 +00:00
security_dac: avoid relabeling hostdevs when relabel='no'
When relabel='no' at the domain level, there is no need to call the hostdev relabeling functions. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
parent
3c2487ab0a
commit
bb917a90b1
@ -485,6 +485,9 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||
cbdata.manager = mgr;
|
||||
cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
|
||||
if (cbdata.secdef && cbdata.secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
switch ((enum virDomainHostdevSubsysType) dev->source.subsys.type) {
|
||||
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
||||
virUSBDevicePtr usb;
|
||||
@ -601,9 +604,12 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||
|
||||
{
|
||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
virSecurityLabelDefPtr secdef;
|
||||
int ret = -1;
|
||||
|
||||
if (!priv->dynamicOwnership)
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
|
||||
if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
|
||||
return 0;
|
||||
|
||||
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
||||
|
Loading…
Reference in New Issue
Block a user