From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 3 Oct 2018 09:08:21 +0000 (+0200)
Subject: virSecuritySELinuxRestoreAllLabel: Restore more labels
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d9043c06e62e2941454b7a5470bbd19b14a9f8ef;p=libvirt.git

virSecuritySELinuxRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 6c2ef22a6e..4de8b6f9cd 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2668,6 +2668,22 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
         virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, false) < 0)
         rc = -1;
 
+    if (def->os.kernel &&
+        virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, false) < 0)
+        rc = -1;
+
+    if (def->os.initrd &&
+        virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, false) < 0)
+        rc = -1;
+
+    if (def->os.dtb &&
+        virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, false) < 0)
+        rc = -1;
+
+    if (def->os.slic_table &&
+        virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, false) < 0)
+        rc = -1;
+
     return rc;
 }