Re: [libvirt] [PATCH 5/6] Cleanup sec driver error reporting to use virReportSystemError

* src/security_selinux.c: Use virReportSystemError whereever an errno is involved * src/qemu_driver.c: Don't overwrite error message from the security driver

@@ -440,6 +431,17 @@ SELinuxSetSecurityPCILabel(virConnectPtr conn, } static int +SELinuxSetSecurityUSBLabel(virConnectPtr conn, + usbDevice *dev ATTRIBUTE_UNUSED, + const char *file, void *opaque) +{ + virDomainObjPtr vm = opaque; + const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + + return SELinuxSetFilecon(conn, file, secdef->imagelabel); +} + +static int SELinuxSetSecurityHostdevLabel(virConnectPtr conn, virDomainObjPtr vm, virDomainHostdevDefPtr dev) @@ -451,8 +453,24 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn, return 0; switch (dev->source.subsys.type) { - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: - break; + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { + if (dev->source.subsys.u.usb.bus && dev->source.subsys.u.usb.device) { + usbDevice *usb = usbGetDevice(conn, + dev->source.subsys.u.usb.bus, + dev->source.subsys.u.usb.device); + + if (!usb) + goto done; + + ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm); + usbFreeDevice(conn, usb); + + break; + } else { + /* XXX deal with product/vendor better */ + ret = 0; + } + }