[libvirt] [PATCH v2 0/2] dac: relabel spice rendernode
Cole Robinson
crobinso at redhat.com
Sun Aug 27 16:20:40 UTC 2017
This fixes the last issue preventing qemu:///system spice GL from working
out of the box: chown'ing the rendernode path so we have permissions
to open it.
We skip this if mount namespaces are disabled, so the chown'ing won't
interfere with other rendernode users on the host.
https://bugzilla.redhat.com/show_bug.cgi?id=1460804
v2:
Add the MOUNT_NAMESPACE handling
Drop DAC restore of rendernode
Cole Robinson (2):
security: add MANAGER_MOUNT_NAMESPACE flag
security: dac: relabel spice rendernode
src/qemu/qemu_driver.c | 2 ++
src/security/security_dac.c | 68 +++++++++++++++++++++++++++++++++++++++++
src/security/security_dac.h | 3 ++
src/security/security_manager.c | 4 ++-
src/security/security_manager.h | 1 +
5 files changed, 77 insertions(+), 1 deletion(-)
--
2.13.5
More information about the libvir-list
mailing list