mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-12 07:42:56 +00:00
904e05a292
This wires up the XML changes in the previous patch to let SELinux labeling honor user overrides, as well as affecting the live XML configuration in one case where the user didn't specify anything in the offline XML. I noticed that the logs contained messages like this: 2011-12-05 23:32:40.382+0000: 26569: warning : SELinuxRestoreSecurityFileLabel:533 : cannot lookup default selinux label for /nfs/libvirt/images/dom.img for all my domain images living on NFS. But if we would just remember that on domain creation that we were unable to set a SELinux label (due to NFSv3 lacking labels, or NFSv4 not being configured to expose attributes), then we could avoid wasting the time trying to clear the label on domain shutdown. This in turn is one less point of NFS failure, especially since there have been documented cases of virDomainDestroy hanging during an attempted operation on a failed NFS connection. * src/security/security_selinux.c (SELinuxSetFilecon): Move guts... (SELinuxSetFileconHelper): ...to new function. (SELinuxSetFileconOptional): New function. (SELinuxSetSecurityFileLabel): Honor override label, and remember if labeling failed. (SELinuxRestoreSecurityImageLabelInt): Skip relabeling based on override.
LibVirt : simple API for virtualization
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.
Daniel Veillard <veillard@redhat.com>