[PATCH 1/6] qemu: Use qemuSecurityDomainSetPathLabel() to set seclabes on not saved state files
Michal Privoznik
mprivozn at redhat.com
Wed Jun 17 11:35:35 UTC 2020
There are two places within qemu driver that misuse
qemuSecuritySetSavedStateLabel() to set seclabels on tempfiles
that are not state files: qemuDomainScreenshot() and
qemuDomainMemoryPeek(). They are doing so because of lack of
qemuSecurityDomainSetPathLabel() at the time of their
introduction.
In all three secdrivers (well, four if you count NOP driver) the
implementation of .domainSetSavedStateLabel and
.domainSetPathLabel callbacks is the same anyway.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
src/qemu/qemu_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index e482d08f3a..3fad440272 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4064,7 +4064,7 @@ qemuDomainScreenshot(virDomainPtr dom,
}
unlink_tmp = true;
- qemuSecuritySetSavedStateLabel(driver, vm, tmp);
+ qemuSecurityDomainSetPathLabel(driver, vm, tmp, false);
qemuDomainObjEnterMonitor(driver, vm);
if (qemuMonitorScreendump(priv->mon, videoAlias, screen, tmp) < 0) {
@@ -11666,7 +11666,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
goto endjob;
}
- qemuSecuritySetSavedStateLabel(driver, vm, tmp);
+ qemuSecurityDomainSetPathLabel(driver, vm, tmp, false);
priv = vm->privateData;
qemuDomainObjEnterMonitor(driver, vm);
--
2.26.2
More information about the libvir-list
mailing list