From: Peter Krempa <pkrempa(a)redhat.com>
Reorganize the code so that the 'migrated' flag isn't checked multiple
times, which makes it more obvious what is happening when the
'migrated' flag is asserted.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
Reviewed-by: Andrea Bolognani <abologna(a)redhat.com>
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/security/security_selinux.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index bfa48a5f72..453ac67d25 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1819,26 +1819,15 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
if (src->readonly || src->shared)
return 0;
- if (virStorageSourceIsFD(src)) {
- if (migrated)
- return 0;
-
- if (!src->fdtuple ||
- !src->fdtuple->selinuxLabel ||
- src->fdtuple->nfds == 0)
- return 0;
-
- ignore_value(virSecuritySELinuxFSetFilecon(src->fdtuple->fds[0],
- src->fdtuple->selinuxLabel));
- return 0;
- }
-
/* If we have a shared FS and are doing migration, we must not change
* ownership, because that kills access on the destination host which is
* sub-optimal for the guest VM's I/O attempts :-) */
if (migrated) {
int rc = 1;
+ if (virStorageSourceIsFD(src))
+ return 0;
+
if (virStorageSourceIsLocalStorage(src)) {
if (!src->path)
return 0;
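Review bot: The comment above `if (migrated) {` explains only the shared-filesystem case, but the first thing the block now does is return early for FD-passed images, and nothing visible in the hunk says why. A one-line comment on the new check would keep that decision from looking accidental, for example `/* Images passed as FDs are never relabelled once the VM has migrated away */`, ideally extended with the reason the label is left in place. The function begins before this hunk and the `migrated` block continues past it.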
@@ -1854,6 +1843,17 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
}
}
+ if (virStorageSourceIsFD(src)) {
+ if (!src->fdtuple ||
+ !src->fdtuple->selinuxLabel ||
+ src->fdtuple->nfds == 0)
+ return 0;
+
+ ignore_value(virSecuritySELinuxFSetFilecon(src->fdtuple->fds[0],
+ src->fdtuple->selinuxLabel));
+ return 0;
+ }
+
/* This is not very clean. But so far we don't have NVMe
* storage pool backend so that its chownCallback would be
* called. And this place looks least offensive. */
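Review bot: The result of `virSecuritySELinuxFSetFilecon()` is dropped through `ignore_value()`, so if the restore fails the passed file keeps whatever label it carried (presumably the one applied for the VM) and this call site gives no signal. If that is intentional, say so next to the call, e.g. `/* Restoring the label is best-effort; failure is deliberately ignored */`; otherwise, assuming the helper reports failure through its return value, check it and log with `VIR_WARN`. Only `fds[0]` is relabelled although the guard merely requires `nfds != 0`, so a short comment on whether the remaining descriptors need a restore would also help. The code is moved unchanged by this commit, and the enclosing function extends beyond the hunk.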
--
2.46.0