From: Guannan Ren <gren@redhat.com>
Date: Wed, 17 Oct 2012 03:23:19 +0000 (+0800)
Subject: selinux: fix wrong tapfd relablling
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=89b63f0ad448a0442f4afc5489748e2cc829e527;p=libvirt.git

selinux: fix wrong tapfd relablling

It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
(commit ae368ebfcc4923d0b32e83d4ca96a6f599625785 introduced this bug)

Caution: The context of the two hunks is identical other than indentation.
Please be extremely cautious of where the patch gets applied.
---

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 239592ca19..0c0c40068d 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5412,10 +5412,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                     if (tapfd < 0)
                         goto error;
 
-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                     last_good_net = i;
                     virCommandTransferFD(cmd, tapfd);
 
@@ -5429,6 +5425,10 @@ qemuBuildCommandLine(virConnectPtr conn,
                 if (tapfd < 0)
                     goto error;
 
+                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                                    def, tapfd) < 0)
+                    goto error;
+
                 last_good_net = i;
                 virCommandTransferFD(cmd, tapfd);