Skip file-based security checks for network disks

author Josh Durgin <joshd@hq.newdream.net>

Tue, 21 Dec 2010 02:30:58 +0000 (18:30 -0800)

committer Eric Blake <eblake@redhat.com>

Tue, 21 Dec 2010 14:30:25 +0000 (07:30 -0700)
author Josh Durgin <joshd@hq.newdream.net>
Tue, 21 Dec 2010 02:30:58 +0000 (18:30 -0800)
committer Eric Blake <eblake@redhat.com>
Tue, 21 Dec 2010 14:30:25 +0000 (07:30 -0700)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c

index d516fbe38d71b4655f55f86cb4bc46b0bac04519..c857a8904096e5cd2cc71052331d95b0bbb8109d 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
      size_t depth = 0;
      char *nextpath = NULL;
  
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
          return 0;
  
      if (disk->driverType) {
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c

index 55dc0c6e99d330fa1aba654f7dbde57255fad4ec..88fdb8dc81046a8bd593c34270e13bbff5f2420d 100644 (file)
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
      if (disk->readonly || disk->shared)
          return 0;
  
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
          return 0;
  
      /* If we have a shared FS & doing migrated, we must not
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c

index b43c4ac0f879da15e15be354848c94db783989f0..468d0a3b3abcf705ab871de7933c1e60d5b57d16 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
      if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
          return 0;
  
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
          return 0;
  
      if (secdef->imagelabel) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index 49efa75bb8c99c485c20c38946ff087560c33b1b..47da67721b1c0d8626f4ce1f622be11679f828b8 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
      if (disk->readonly || disk->shared)
          return 0;
  
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
          return 0;
  
      /* If we have a shared FS & doing migrated, we must not
author	Josh Durgin <joshd@hq.newdream.net>
	Tue, 21 Dec 2010 02:30:58 +0000 (18:30 -0800)
committer	Eric Blake <eblake@redhat.com>
	Tue, 21 Dec 2010 14:30:25 +0000 (07:30 -0700)
src/conf/domain_conf.c		patch \| blob \| blame \| history
src/qemu/qemu_security_dac.c		patch \| blob \| blame \| history
src/security/security_apparmor.c		patch \| blob \| blame \| history
src/security/security_selinux.c		patch \| blob \| blame \| history