From ee3efc41e6233e625aa03003bf3127319ccd546f Mon Sep 17 00:00:00 2001
From: Josh Durgin <joshd@hq.newdream.net>
Date: Mon, 20 Dec 2010 18:30:58 -0800
Subject: [PATCH] Skip file-based security checks for network disks

Network disks are accessed by qemu directly, and have no
associated file on the host, so checking for file ownership etc.
is unnecessary.

Signed-off-by: Josh Durgin <joshd@hq.newdream.net>
---
 src/conf/domain_conf.c           | 2 +-
 src/qemu/qemu_security_dac.c     | 2 +-
 src/security/security_apparmor.c | 2 +-
 src/security/security_selinux.c  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d516fbe38d..c857a89040 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
     size_t depth = 0;
     char *nextpath = NULL;
 
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;
 
     if (disk->driverType) {
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 55dc0c6e99..88fdb8dc81 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
     if (disk->readonly || disk->shared)
         return 0;
 
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;
 
     /* If we have a shared FS & doing migrated, we must not
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b43c4ac0f8..468d0a3b3a 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
         return 0;
 
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;
 
     if (secdef->imagelabel) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 49efa75bb8..47da67721b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
     if (disk->readonly || disk->shared)
         return 0;
 
-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;
 
     /* If we have a shared FS & doing migrated, we must not
-- 
2.39.5