[libvirt] [PATCHv2 3/3] security: label the slic_table
Peter Krempa
pkrempa at redhat.com
Wed May 25 15:06:27 UTC 2016
On Wed, May 25, 2016 at 16:53:25 +0200, Peter Krempa wrote:
> On Mon, May 23, 2016 at 20:01:18 +0200, Ján Tomko wrote:
> > Add support for the slic_table to the security drivers.
>
> In this case, you should add a note to the documentation that the file
> is not treated as shared and should be copied for every VM to avoid
> problems as with shared kernel files.
>
> > ---
> > src/security/security_dac.c | 5 +++++
> > src/security/security_selinux.c | 5 +++++
> > src/security/virt-aa-helper.c | 4 ++++
> > 3 files changed, 14 insertions(+)a
> >
> > diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> > index df3ed47..442ce70 100644
> > --- a/src/security/security_dac.c
> > +++ b/src/security/security_dac.c
> > @@ -1218,6 +1218,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
> > def->os.dtb, user, group) < 0)
> > return -1;
> >
> > + if (def->os.slic_table &&
> > + virSecurityDACSetOwnership(priv, NULL,
> > + def->os.slic_table, user, group) < 0)
> > + return -1;
> > +
> > return 0;
> > }
> >
>
> All 3 security driver IMPLs are missing addition to
> virSecurity.*RestoreAllLabel.
I've noticed that they are actually considered shared, thus ACK without
any change.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20160525/8d11a285/attachment-0001.sig>
More information about the libvir-list
mailing list