Hi ALL:
There is a confusing issue in svirt. If sec_type is dynamic or relabel is yes in the VM,
then when the VM is stopped, the label of the image is restored to the default label for the path,
not to the label I expected, which is the one it had before the VM was started.
Example:
#virsh dumpxml virt-tests-vm1
...
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/libvirt_autotest_root/images/fedora17.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
...
<seclabel type='dynamic' model='selinux' relabel='yes'/>
...
# ll /libvirt_autotest_root/images/fedora17.img -Z
-rwxr-xr-x. root root *system_u:object_r:svirt_image_t:s0* /libvirt_autotest_root/images/fedora17.img
# virsh start virt-tests-vm1
Domain virt-tests-vm1 started
# virsh destroy virt-tests-vm1
Domain virt-tests-vm1 destroyed
# ll /libvirt_autotest_root/images/fedora17.img -Z
-rwxr-xr-x. root root *system_u:object_r:default_t:s0* /libvirt_autotest_root/images/fedora17.img
The label is changed from svirt_image_t to default_t. svirt_image_t is accessible
to the svirt_t process, but default_t is not.
This patch introduces a struct named _virSecuritySELinuxBackupContext to
save the path and the label before libvirt changes them. The labels are
restored to the paths when the VM is stopped.
yangdongsheng (2):
util: Introduce virStrcmp into virstring.
security: Save contexts of resources for restoring it.
src/security/security_selinux.c | 229 +++++++++++++++++++++++++++++++++++++--
src/util/virstring.c | 14 +++
src/util/virstring.h | 2 +
3 files changed, 238 insertions(+), 7 deletions(-)
--
1.7.10.1
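
The save-then-restore idea described in this cover letter, as an added example that is not code from the patch series or from libvirt. All function and type names are hypothetical, and the labels live in a constructed in-memory table so the sketch runs without SELinux.

```c
#include <stdio.h>
#include <string.h>

#define LBL 128
#define MAXN 8
/* Constructed in-memory stand-in for on-disk labels (assumption of this sketch).
 * Real code would use getfilecon()/setfilecon() from libselinux instead. */
typedef struct { char path[LBL]; char label[LBL]; } entry;
static entry fs[MAXN];      /* "filesystem": path -> current label */
static entry saved[MAXN];   /* backup list: path -> label before relabel */
static int nfs, nsaved;

static entry *find(entry *tab, int n, const char *path) {
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].path, path) == 0) return &tab[i];
    return NULL;
}
static entry *put(entry *tab, int *n, const char *path, const char *label) {
    entry *e = find(tab, *n, path);
    if (!e) {
        if (*n == MAXN) return NULL;            /* table full */
        e = &tab[(*n)++];
        snprintf(e->path, LBL, "%s", path);
    }
    snprintf(e->label, LBL, "%s", label);
    return e;
}
const char *get_label(const char *path) {
    entry *e = find(fs, nfs, path);
    return e ? e->label : "";
}
int set_label(const char *p, const char *l) { return put(fs, &nfs, p, l) ? 0 : -1; }

/* VM start: remember the current label, then apply the VM's label. */
int relabel_for_start(const char *path, const char *vm_label) {
    if (!find(saved, nsaved, path) &&           /* keep the first (original) label */
        !put(saved, &nsaved, path, get_label(path)))
        return -1;
    return set_label(path, vm_label);
}

/* VM stop: 0 = saved label restored, 1 = no backup so policy default applied. */
int restore_on_stop(const char *path, const char *policy_default) {
    entry *b = find(saved, nsaved, path);
    if (!b) return set_label(path, policy_default) ? -1 : 1;
    int rc = set_label(path, b->label);
    *b = saved[--nsaved];                       /* drop the used backup entry */
    return rc;
}
```

The fallback branch in `restore_on_stop` corresponds to the behaviour shown in the transcript above, where the image ends up as default_t.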