[libvirt] [PATCH v4 23/23] security_dac: Lock metadata when running transaction

John Ferlan jferlan at redhat.com
Mon Sep 17 22:41:44 UTC 2018


$SUBJ

s/dac/selinux

On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Lock all the paths we want to relabel to mutually exclude other
> libvirt daemons.
> 
> The only culprit here hitch here is that directories can't be

Where have I seen this before?

> locked. Therefore, when relabeling a directory do not lock it
> (this happens only when setting up some domain private paths
> anyway, e.g. huge pages directory).
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/security/security_selinux.c | 43 +++++++++++++++++++++++++++++++++++------
>  1 file changed, 37 insertions(+), 6 deletions(-)
> 

I shall say "similar comments to my DAC review" (ref/unref, more
comments in TransactionRun, and, if you want, use rv = *SetFilecon* and if
(rv < 0) break...)

And, then you can apply the

Reviewed-by: John Ferlan <jferlan at redhat.com>

John



