mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-07 23:05:48 +00:00
0f1993aa15
When security drivers are active but confinement is not enabled, there is no need to autogenerate <seclabel> elements when starting a domain def that contains no <seclabel> elements. In fact, autogenerating the elements can result in needless save/restore and migration failures when the security driver is not active on the restore/migration target. This patch changes the virSecurityManagerGenLabel function in src/security_manager.c to only autogenerate a <seclabel> element if none is already defined for the domain *and* default confinement is enabled. Otherwise the needless <seclabel> autogeneration is skipped. Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=1051017 |
||
---|---|---|
.. | ||
security_apparmor.c | ||
security_apparmor.h | ||
security_dac.c | ||
security_dac.h | ||
security_driver.c | ||
security_driver.h | ||
security_manager.c | ||
security_manager.h | ||
security_nop.c | ||
security_nop.h | ||
security_selinux.c | ||
security_selinux.h | ||
security_stack.c | ||
security_stack.h | ||
virt-aa-helper.c |