virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks

Now that we have seclabel remembering we can safely restore
labels for shared and RO disks. In fact we need to do that to
keep seclabel refcount stored in XATTRs in sync with reality.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 3264a2967cbdaa5cbea1146078258728925d4d5f..533d990de19ca220db6787e9c46b9ee311ee21d4 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -932,14 +932,6 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPtr mgr,
     if (!priv->dynamicOwnership)
         return 0;
 
-    /* Don't restore labels on readoly/shared disks, because other VMs may
-     * still be accessing these. Alternatively we could iterate over all
-     * running domains and try to figure out if it is in use, but this would
-     * not work for clustered filesystems, since we can't see running VMs using
-     * the file on other nodes. Safest bet is thus to skip the restore step. */
-    if (src->readonly || src->shared)
-        return 0;
-
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
     if (secdef && !secdef->relabel)
         return 0;