Re: [libvirt] [PATCH v4 3/5] Update security layer to handle many security labels

On 08/16/2012 12:10 AM, Marcelo Cerri wrote: > - if (!def->seclabels[0]->norelabel) { > - def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext( > - data->file_context, mcs); > - if (!def->seclabels[0]->imagelabel) { > + if (!seclabel->norelabel) { > + seclabel->imagelabel = virSecuritySELinuxGenNewContext( > + data->domain_context, mcs); > + if (!seclabel->imagelabel) { > virReportError(VIR_ERR_INTERNAL_ERROR, > _("cannot generate selinux context for %s"), mcs); > goto cleanup; > } > } > > - if (!def->seclabels[0]->model && > - !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) { > + if (!seclabel->model && > + !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) { > virReportOOMError(); > goto cleanup; > } the patch breaks the object labelling again ... please apply the following patch to fix, thanks! Image context must always use data->file_context. Signed-off-by: Viktor Mihajlovski <mihajlov(a)linux.vnet.ibm.com&gt; --- src/security/security_selinux.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index eea8fbd..da2a9c4 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -450,9 +450,10 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, } if (!seclabel->norelabel) { - seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->domain_context, - mcs, - true); + seclabel->imagelabel = + virSecuritySELinuxGenNewContext(data->file_context, + mcs, + true); if (!seclabel->imagelabel) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate selinux context for %s"), mcs);