[libvirt] [PATCHv2 3/3] security: label the slic_table

Ján Tomko jtomko at redhat.com
Wed May 25 15:26:24 UTC 2016


On Wed, May 25, 2016 at 05:06:27PM +0200, Peter Krempa wrote:
> On Wed, May 25, 2016 at 16:53:25 +0200, Peter Krempa wrote:
> > On Mon, May 23, 2016 at 20:01:18 +0200, Ján Tomko wrote:
> > > Add support for the slic_table to the security drivers.
> > 
> > In this case, you should add a note to the documentation that the file
> > is not treated as shared and should be copied for every VM to avoid
> > problems as with shared kernel files.
> > 
> > > ---
> > >  src/security/security_dac.c     | 5 +++++
> > >  src/security/security_selinux.c | 5 +++++
> > >  src/security/virt-aa-helper.c   | 4 ++++
> > >  3 files changed, 14 insertions(+)a
> > > 
> > > diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> > > index df3ed47..442ce70 100644
> > > --- a/src/security/security_dac.c
> > > +++ b/src/security/security_dac.c
> > > @@ -1218,6 +1218,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
> > >                                     def->os.dtb, user, group) < 0)
> > >          return -1;
> > >  
> > > +    if (def->os.slic_table &&
> > > +        virSecurityDACSetOwnership(priv, NULL,
> > > +                                   def->os.slic_table, user, group) < 0)
> > > +        return -1;
> > > +
> > >      return 0;
> > >  }
> > >  
> > 
> > All 3 security driver IMPLs are missing addition to
> > virSecurity.*RestoreAllLabel.
> 
> I've noticed that they are actually considered shared, thus ACK without
> any change.

Thanks, I have pushed the series now.

Jan




More information about the libvir-list mailing list