Skip file-based security checks for network disks

Network disks are accessed by qemu directly, and have no
associated file on the host, so checking for file ownership etc.
is unnecessary.

Signed-off-by: Josh Durgin <joshd@hq.newdream.net>
This commit is contained in:
Josh Durgin 2010-12-20 18:30:58 -08:00 committed by Eric Blake
parent 2954eb7b35
commit ee3efc41e6
4 changed files with 4 additions and 4 deletions

View File

@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
size_t depth = 0; size_t depth = 0;
char *nextpath = NULL; char *nextpath = NULL;
if (!disk->src) if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
return 0; return 0;
if (disk->driverType) { if (disk->driverType) {

View File

@ -144,7 +144,7 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
if (disk->readonly || disk->shared) if (disk->readonly || disk->shared)
return 0; return 0;
if (!disk->src) if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
return 0; return 0;
/* If we have a shared FS & doing migrated, we must not /* If we have a shared FS & doing migrated, we must not

View File

@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
return 0; return 0;
if (!disk->src) if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
return 0; return 0;
if (secdef->imagelabel) { if (secdef->imagelabel) {

View File

@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
if (disk->readonly || disk->shared) if (disk->readonly || disk->shared)
return 0; return 0;
if (!disk->src) if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
return 0; return 0;
/* If we have a shared FS & doing migrated, we must not /* If we have a shared FS & doing migrated, we must not