[libvirt] [PATCH] selinux: Avoid label reservations for type = none during restart

[Michal Privoznik]

On 10.06.2014 13:42, Shivaprasad G Bhat wrote:
> The problem is libvirt kills the guests during libvirt restart if more than
> guest has security type as none. This is because, libvirt as part of guest-
> reconnect tries to reserve the security labels. In case of type=none, the range
> of security context happen to be same for several guests. During reservation,
> the second attempt to reserve the same range fails and the Guests would be
> killed. The fix is to avoid reserving labels for type = none during libvirt
> restart.

I think the major point is, that for type=none libvirt (according to the 
docs) should not generate seclabel at all (either for given security 
model or for all models). I'd expect such explanation in commit message.

>
> Signed-off-by: Shivaprasad G Bhat <sbhat at linux.vnet.ibm.com>
> ---
>   src/security/security_selinux.c |    3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 008c58c..2f8a7f2 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -739,7 +739,8 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr,
>       virSecurityLabelDefPtr seclabel;
>
>       seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
> -    if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC)
> +    if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
> +        seclabel->type == VIR_DOMAIN_SECLABEL_NONE)

While technically this is okay, I find it nicer if the three conditions 
are on separate lines. But maybe I'm too picky O:-)

>           return 0;
>
>       if (getpidcon_raw(pid, &pctx) == -1) {
>

I feel bad demanding v2, but the commit message needs fixing. But hey - 
you're on the right track!

Michal