[libvirt] [PATCH 0/2] fix attached vm cannot get a right label
Luyao Huang
lhuang at redhat.com
Mon Dec 1 09:54:34 UTC 2014
When call qemuProcessAttach to attach a qemu process, libvirt will
generate a wrong label for DAC, and do not set imagelabel for both
of them, no imagelabel will cause some other issue.
After this patch guest label will be :
<seclabel type='static' model='selinux' relabel='yes'>
<label>unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023</label>
<imagelabel>system_u:object_r:svirt_image_t:s0-s0:c0.c1023</imagelabel>
</seclabel>
<seclabel type='static' model='dac' relabel='yes'>
<label>+0:+0</label>
<imagelabel>+0:+0</imagelabel>
</seclabel>
Luyao Huang (2):
qemu: fix some small issue in qemuProcessAttach
security: Add a new func use stat to get process DAC label
src/qemu/qemu_process.c | 10 ++++++---
src/security/security_dac.c | 50 +++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 55 insertions(+), 5 deletions(-)
--
1.8.3.1
More information about the libvir-list
mailing list