[libvirt] [PATCH 0/6] security_selinux: Don't store XATTRs if FS fakes SELinux
Michal Privoznik
mprivozn at redhat.com
Thu Aug 22 15:19:03 UTC 2019
For full explanation see 6/6, but here's a digest:
GlusterFS via FUSE supports XATTRs but doesn't allow any SELinux label
change (which is fortunate for us because migrations work at least).
However, we need to treat this situation as "don't remember any
seclabels" because if the source sets XATTRs and the migration
destination tries to set different label this fails.
Michal Prívozník (6):
virSecuritySELinuxGetProcessLabel: Fix comment
virSecuritySELinuxSetFileconImpl: Drop @optional argument
security_selinux: DropvirSecuritySELinuxSetFileconOptional()
security_selinux: Drop @optional from _virSecuritySELinuxContextItem
security_selinux: Drop virSecuritySELinuxSetFileconHelper
security_selinux: Play nicely with network FS that only emulates
SELinux
src/security/security_selinux.c | 141 ++++++++++++++++----------------
1 file changed, 70 insertions(+), 71 deletions(-)
--
2.21.0
More information about the libvir-list
mailing list