[libvirt] [PATCH 1/1] Skip file-based security checks for network disks

Josh Durgin joshd at hq.newdream.net
Tue Dec 21 02:30:58 UTC 2010


Network disks are accessed by qemu directly, and have no
associated file on the host, so checking for file ownership etc.
is unnecessary.

Signed-off-by: Josh Durgin <joshd at hq.newdream.net>
---
 src/conf/domain_conf.c           |    2 +-
 src/qemu/qemu_security_dac.c     |    2 +-
 src/security/security_apparmor.c |    2 +-
 src/security/security_selinux.c  |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d516fbe..c857a89 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
     size_t depth = 0;
     char *nextpath = NULL;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;

     if (disk->driverType) {
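Review bot: The new `disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK` early return sits in the generic path iterator, so every caller of virDomainDiskDefForeachPath now sees a network disk as "success, zero paths", not only the security drivers named in the commit message. A short comment above the check would make that intent explicit, e.g. `/* Network disks have no host path; nothing to iterate or label */`. The same condition is repeated verbatim in the DAC, AppArmor and SELinux hunks, so a small shared predicate would keep the four sites from drifting apart if another disk type without a host file is added. The function body starts and ends outside this hunk.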
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 55dc0c6..88fdb8d 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
     if (disk->readonly || disk->shared)
         return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;

     /* If we have a shared FS & doing migrated, we must not
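Review bot: Only the restore path is guarded here and in the matching SELinuxRestoreSecurityImageLabelInt hunk; the set-label side of the DAC and SELinux drivers is not touched by this patch. Presumably those paths go through virDomainDiskDefForeachPath and are covered by the first hunk, but that is not visible here and should be confirmed, since a set path that still treats `disk->src` as a host file name would attempt an ownership or label change on a path that does not exist. A comment such as `/* network disks: no host file, nothing to restore */` on the combined check would document why it returns success. The function continues beyond the hunk.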
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b43c4ac..468d0a3 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
         return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;

     if (secdef->imagelabel) {
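Review bot: In AppArmorSetSecurityImageLabel the new early return reports success before the `secdef->imagelabel` handling that follows, so a network disk gets no per-image treatment from this driver. Whether the guest's profile otherwise permits, and suitably limits, qemu's connection to the storage server is not visible in this hunk and should be confirmed; access control for the network volume then rests on the storage backend's own authentication. I would add `/* network disks have no host path to add to the profile */` above the check. Unlike the DAC and SELinux hunks this one guards the set path, and no AppArmor restore-side change appears in the patch. The function body extends outside the hunk.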
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 49efa75..47da677 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
     if (disk->readonly || disk->shared)
         return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
         return 0;

     /* If we have a shared FS & doing migrated, we must not
-- 
1.7.2.3



