]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b4daf6a)
security: selinux: Pass parent storage source into image labeling helper
authorPeter Krempa <pkrempa@redhat.com>
Tue, 17 Oct 2017 05:25:51 +0000 (07:25 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Fri, 3 Nov 2017 08:15:41 +0000 (09:15 +0100)
virSecuritySELinuxSetImageLabelInternal assigns different labels to
backing chain members than to the parent image. This was done via the
'first' flag. Convert it to passing in pointer to the parent
virStorageSource. This will allow us to use the parent virStorageSource
in further changes.

src/security/security_selinux.c patch | blob | blame | history

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cd3e41193100ddf67b159c09951f46b693b72746..66b3bbf1c5e3ea90696499dfd17874ed99238db3 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1592,7 +1592,7 @@ static int
 virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
                                         virDomainDefPtr def,
                                         virStorageSourcePtr src,
-                                        bool first)
+                                        virStorageSourcePtr parent)
 {
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
     virSecurityLabelDefPtr secdef;
@@ -1614,7 +1614,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
 
     if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
         ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label);
-    } else if (first) {
+    } else if (!parent || parent == src) {
         if (src->shared) {
             ret = virSecuritySELinuxSetFileconOptional(mgr,
                                                        src->path,
@@ -1660,7 +1660,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
                                 virDomainDefPtr def,
                                 virStorageSourcePtr src)
 {
-    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true);
+    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
 }
 
 
@@ -1670,14 +1670,11 @@ virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
                                virDomainDiskDefPtr disk)
 
 {
-    bool first = true;
     virStorageSourcePtr next;
 
     for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
-        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first) < 0)
+        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->src) < 0)
             return -1;
-
-        first = false;
     }
 
     return 0;
Unnamed repository; edit this file 'description' to name the repository.