[libvirt] [PATCH] selinux: Properly check TAP FD label

Michal Privoznik mprivozn at redhat.com
Thu Sep 11 08:14:51 UTC 2014


After a4431931 the TAP FDs are labeled with the image label instead
of the process label. On the other hand, the commit was
incomplete as a few lines above, there's still the old check for the
process label presence while it should be a check for the image
label instead.

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---

Pushed under trivial rule.

After this commit, the function is completely the same as
virSecuritySELinuxSetImageFDLabel(). However, I'd like to keep
them separate because there's an ongoing bug:

    https://bugzilla.redhat.com/show_bug.cgi?id=1095636

so with a fair chance the TapFDLabel() function will be rewritten
soon.

 src/security/security_selinux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 7064158..bf67fb5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2347,7 +2347,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     virSecurityLabelDefPtr secdef;
 
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!secdef || !secdef->label)
+    if (!secdef || !secdef->imagelabel)
         return 0;
 
     return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
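
Review bot: the early `return 0` under the changed guard still reports success when `secdef->imagelabel` is NULL, so the TAP fd is left with whatever label it already had and the caller cannot tell that no relabel happened. The new condition does now match the value handed to virSecuritySELinuxFSetFilecon() two lines below, which removes the NULL-argument mismatch, but a one-line comment (or a debug log) on the guard stating that skipping the relabel is intended when no image label is set would make that behaviour explicit. Since the notes say this function is now identical to virSecuritySELinuxSetImageFDLabel() and is kept separate on purpose, a short comment above virSecuritySELinuxSetTapFDLabel() pointing at the referenced bug would also keep a later cleanup from merging the two.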
-- 
1.8.5.5



