]> xenbits.xensource.com Git - libvirt.git/commit
projects / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 256e01e) | patch
security: Don't remember seclabel for paths we haven't locked successfully
authorMichal Privoznik <mprivozn@redhat.com>
Thu, 20 Feb 2020 14:38:10 +0000 (15:38 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Tue, 25 Feb 2020 10:09:18 +0000 (11:09 +0100)
commit5fddf61351f44e4186c0313d81907024c574201b
tree12b778b68d377f3ca50bfc8352e9949c4b8b3875tree
parent256e01e59e922ff70dce56284e53e3463d4dc072commit | diff
security: Don't remember seclabel for paths we haven't locked successfully

There are some cases where we want to remember the original owner
of a file but we fail to lock it for XATTR change (e.g. root
squashed NFS). If that is the case we error out and refuse to
start a domain. Well, we can do better if we disable remembering
for paths we haven't locked successfully.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/security/security_dac.c diff | blob | blame | history
src/security/security_manager.c diff | blob | blame | history
src/security/security_manager.h diff | blob | blame | history
src/security/security_selinux.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.