[PATCH 31/36] security: selinux: Handle security labelling of FD-passed images
Pavel Hrdina
phrdina at redhat.com
Fri Jan 6 14:02:39 UTC 2023
On Thu, Jan 05, 2023 at 05:30:20PM +0100, Peter Krempa wrote:
> Unfortunately unlike with DAC we can't simply ignore labelling for the
> FD and it also influences the on-disk state.
>
> Thus we need to relabel the FD and we also store the existing label in
> cases when the user will request best-effort label replacement.
>
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> src/conf/storage_source_conf.c | 1 +
> src/conf/storage_source_conf.h | 3 +++
> src/security/security_selinux.c | 32 +++++++++++++++++++++++++++++++-
> 3 files changed, 35 insertions(+), 1 deletion(-)
Reviewed-by: Pavel Hrdina <phrdina at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20230106/08a96f16/attachment.sig>
More information about the libvir-list
mailing list