mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-08-28 03:21:19 +00:00
Don't restore labels on shared/readonly disks
* src/security_selinux.c: Skip relabelling of shared/readonly disks upon shutdown, since this breaks other VMs still active using those disks
This commit is contained in:
parent
be18d3a732
commit
ed5a25841f
@ -354,6 +354,17 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
|
|||||||
char *newpath = NULL;
|
char *newpath = NULL;
|
||||||
const char *path = disk->src;
|
const char *path = disk->src;
|
||||||
|
|
||||||
|
/* Don't restore labels on readoly/shared disks, because
|
||||||
|
* other VMs may still be accessing these
|
||||||
|
* Alternatively we could iterate over all running
|
||||||
|
* domains and try to figure out if it is in use, but
|
||||||
|
* this would not work for clustered filesystems, since
|
||||||
|
* we can't see running VMs using the file on other nodes
|
||||||
|
* Safest bet is thus to skip the restore step.
|
||||||
|
*/
|
||||||
|
if (disk->readonly || disk->shared)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if ((err = virFileResolveLink(path, &newpath)) < 0) {
|
if ((err = virFileResolveLink(path, &newpath)) < 0) {
|
||||||
virReportSystemError(conn, err,
|
virReportSystemError(conn, err,
|
||||||
_("cannot resolve symlink %s"), path);
|
_("cannot resolve symlink %s"), path);
|
||||||
|
Loading…
Reference in New Issue
Block a user