From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 15 May 2014 21:58:04 +0000 (-0600)
Subject: security_dac: avoid relabeling hostdevs when relabel='no'
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=bb917a90b1c86c5b36deb0ff90d2c0823a090687;p=libvirt.git

security_dac: avoid relabeling hostdevs when relabel='no'

When relabel='no' at the domain level, there is no need to call
the hostdev relabeling functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index d6ca303ccb..e2955dbd23 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -485,6 +485,9 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
     cbdata.manager = mgr;
     cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
 
+    if (cbdata.secdef && cbdata.secdef->norelabel)
+        return 0;
+
     switch ((enum virDomainHostdevSubsysType) dev->source.subsys.type) {
     case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
         virUSBDevicePtr usb;
@@ -601,9 +604,12 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 
 {
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityLabelDefPtr secdef;
     int ret = -1;
 
-    if (!priv->dynamicOwnership)
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+
+    if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
         return 0;
 
     if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)