Re-label image file backing stores

Use virStorageFileGetMetadata() to find any backing stores for images and re-label them Without this, qemu cannot access qcow2 backing files, see: https://bugzilla.redhat.com/497131 * src/security/security_selinux.c: re-label backing store files in SELinuxSetSecurityImageLabel()
2025-03-20 07:59:00 +00:00 · 2009-09-25 14:20:13 +01:00 · 2009-09-25 14:20:13 +01:00 · fe627697a3
commit fe627697a3
parent 295fd6e833
1 changed files with 28 additions and 0 deletions
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -27,6 +27,7 @@
 #include "logging.h"
 #include "pci.h"
 #include "hostusb.h"
+#include "storage_file.h"

 #define VIR_FROM_THIS VIR_FROM_SECURITY

@ -403,10 +404,37 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,

 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+    const char *path;

    if (!disk->src)
        return 0;

+    path = disk->src;
+    do {
+        virStorageFileMetadata meta;
+        int ret;
+
+        memset(&meta, 0, sizeof(meta));
+
+        ret = virStorageFileGetMetadata(conn, path, &meta);
+
+        if (path != disk->src)
+            VIR_FREE(path);
+        path = NULL;
+
+        if (ret < 0)
+            return -1;
+
+        if (meta.backingStore != NULL &&
+            SELinuxSetFilecon(conn, meta.backingStore,
+                              default_content_context) < 0) {
+            VIR_FREE(meta.backingStore);
+            return -1;
+        }
+
+        path = meta.backingStore;
+    } while (path != NULL);
+
    if (disk->shared) {
        return SELinuxSetFilecon(conn, disk->src, default_image_context);
    } else if (disk->readonly) {