[libvirt] [PATCH v2] selinux: Avoid label reservations for type = none
Martin Kletzander
mkletzan at redhat.com
Fri Sep 5 11:35:03 UTC 2014
On Thu, Sep 04, 2014 at 02:42:32PM +0530, Shivaprasad G Bhat wrote:
>For security type='none' libvirt according to the docs should not generate seclabel be it for selinux or any model. So, skip the reservation of labels when type is none.
>
I wrapped the commit message.
>Signed-off-by: Shivaprasad G Bhat <sbhat at linux.vnet.ibm.com>
>---
> src/security/security_selinux.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
>diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
>index e8c13db..c21e4fe 100644
>--- a/src/security/security_selinux.c
>+++ b/src/security/security_selinux.c
>@@ -731,7 +731,9 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr,
> virSecurityLabelDefPtr seclabel;
>
> seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
>- if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC)
>+ if (!seclabel ||
>+ seclabel->type == VIR_DOMAIN_SECLABEL_NONE ||
>+ seclabel->type == VIR_DOMAIN_SECLABEL_STATIC)
> return 0;
>
ACK, and apparmor does handle this already. I'll push in a minute.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140905/7b08c5f7/attachment-0001.sig>
More information about the libvir-list
mailing list