[libvirt] [PATCH 0/6] security_selinux: Don't store XATTRs if FS fakes SELinux
Martin Kletzander
mkletzan at redhat.com
Thu Aug 29 15:31:47 UTC 2019
On Thu, Aug 22, 2019 at 05:19:03PM +0200, Michal Privoznik wrote:
>For full explanation see 6/6, but here's a digest:
>
>GlusterFS via FUSE supports XATTRs but doesn't allow any SELinux label
>change (which is fortunate for us because migrations work at least).
>However, we need to treat this situation as "don't remember any
>seclabels" because if the source sets XATTRs and the migration
>destination tries to set different label this fails.
>
The series is safe for freeze as it was sent before the freeze and it fixes a
bug, but we also need this in so that we get clean xattr values as soon as
possible. One suggestion for a patch coming up as 7/6 (I couldn't look at that
part of the code, but it was pre-existing and you didn't touch that part,
unfortunately).
>Michal Prívozník (6):
> virSecuritySELinuxGetProcessLabel: Fix comment
> virSecuritySELinuxSetFileconImpl: Drop @optional argument
> security_selinux: DropvirSecuritySELinuxSetFileconOptional()
> security_selinux: Drop @optional from _virSecuritySELinuxContextItem
> security_selinux: Drop virSecuritySELinuxSetFileconHelper
> security_selinux: Play nicely with network FS that only emulates
> SELinux
>
> src/security/security_selinux.c | 141 ++++++++++++++++----------------
> 1 file changed, 70 insertions(+), 71 deletions(-)
>
>--
>2.21.0
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190829/22948410/attachment-0001.sig>
More information about the libvir-list
mailing list