mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-08 22:15:21 +00:00
virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks
Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
1845d3ad5d
commit
d7420430ce
@ -932,14 +932,6 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPtr mgr,
|
||||
if (!priv->dynamicOwnership)
|
||||
return 0;
|
||||
|
||||
/* Don't restore labels on readoly/shared disks, because other VMs may
|
||||
* still be accessing these. Alternatively we could iterate over all
|
||||
* running domains and try to figure out if it is in use, but this would
|
||||
* not work for clustered filesystems, since we can't see running VMs using
|
||||
* the file on other nodes. Safest bet is thus to skip the restore step. */
|
||||
if (src->readonly || src->shared)
|
||||
return 0;
|
||||
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
if (secdef && !secdef->relabel)
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user