mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-24 08:25:45 +00:00
d1fdecb624
https://bugzilla.redhat.com/show_bug.cgi?id=996543 When starting up a domain, the SELinux labeling is done depending on current configuration. If the labeling fails we check for possible causes, as not all labeling failures are fatal. For example, if the labeled file is on NFS which lacks SELinux support, the file can still be readable to qemu process. These cases are distinguished by the errno code: NFS without SELinux support returns EOPNOTSUPP. However, we were missing one scenario. In case there's a read-only disk on a read-only NFS (and possibly any FS) and the labeling is just optional (not explicitly requested in the XML) there's no need to make the labeling error fatal. In other words, read-only file on read-only NFS can fail to be labeled, but be readable at the same time. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> |
||
---|---|---|
.. | ||
security_apparmor.c | ||
security_apparmor.h | ||
security_dac.c | ||
security_dac.h | ||
security_driver.c | ||
security_driver.h | ||
security_manager.c | ||
security_manager.h | ||
security_nop.c | ||
security_nop.h | ||
security_selinux.c | ||
security_selinux.h | ||
security_stack.c | ||
security_stack.h | ||
virt-aa-helper.c |