virSecurityDACRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4935c962b9aa23c69e50c5c4d455783f4e589c5f..dcd0bb558abf411e2f3a8cb37bd74d29ec1f5c82 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1719,6 +1719,22 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
         virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
         rc = -1;
 
+    if (def->os.kernel &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
+        rc = -1;
+
+    if (def->os.initrd &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0)
+        rc = -1;
+
+    if (def->os.dtb &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
+    if (def->os.slic_table &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
+        rc = -1;
+
     return rc;
 }