On 03/13/2009 11:45 AM, Daniel P. Berrange wrote:
On Fri, Mar 13, 2009 at 11:03:26AM -0400, Daniel J Walsh wrote:
> The current svirt patch relabels all disks to the image_t:MCS, which is
> incorrect. Read Only Disks and Sharable Disks should not be labeled.
>
> Also when libvirt has completed running the image it needs to relabel the
> image back to something sane. Right now it is labeling everything
> imagelabel:s0, including physical disk partitions. I considered two
> ways of labeling the "disk" back. We can either grab the label when
> libvirt starts and change it back to this label whenever an image
> completes or we can ask the system what the label should be
> (matchpathcon). I originally coded up the first, but quickly realized if
> anything went wrong with libvirt labeling like a crash, the labels on
> disk could be wrong. And libvirt would continuously set them to this
> wrong label. With matchpathcon, libvirt will at least set them to
> something sane.
>
> So this patch removes labeling of readonly and shared disks and restores
> the image's label to the system default when the image completes.
>
> I would really like to get this in ASAP, since currently libvirt is
> relabeling the cdrom to virt_image_t when it is complete as well as
> physical disks.
ACK this all looks sane to me.
Daniel
Is this going to be merged in?
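
The two restore strategies compared in the quoted message, modeled as an added example that is not part of the original thread or of the libvirt patch. It is a pure-Python model rather than libselinux calls; the file-context table, labels, and disk paths are constructed sample values.

```python
import re

# Constructed stand-in for the policy table a matchpathcon lookup consults.
FILE_CONTEXTS = [
    (r"/var/lib/libvirt/images/.*", "virt_image_t:s0"),
    (r"/dev/sd[a-z]\d*", "fixed_disk_device_t:s0"),
    (r"/dev/sr\d+", "removable_device_t:s0"),
]
MCS_LABEL = "image_t:s0:c10,c20"  # constructed per-guest label

DISKS = [  # constructed guest definition
    {"path": "/var/lib/libvirt/images/guest.img", "readonly": False, "shared": False},
    {"path": "/dev/sdb1", "readonly": False, "shared": False},
    {"path": "/dev/sr0", "readonly": True, "shared": False},
    {"path": "/var/lib/libvirt/images/shared.img", "readonly": False, "shared": True},
]

def default_label(path):
    """Model of matchpathcon: the label policy says this path should have."""
    for pattern, label in FILE_CONTEXTS:
        if re.fullmatch(pattern, path):
            return label
    return "default_t:s0"

def relabel_targets(disks):
    """Read-only and shared disks are never relabeled."""
    return [d["path"] for d in disks if not (d["readonly"] or d["shared"])]

def simulate(use_policy_default):
    """Guest starts, the daemon crashes and restarts, then the guest completes."""
    labels = {d["path"]: default_label(d["path"]) for d in DISKS}
    saved = dict(labels)              # strategy 1: grab labels when the daemon starts
    for p in relabel_targets(DISKS):  # guest starts: private disks get the MCS label
        labels[p] = MCS_LABEL
    saved = dict(labels)              # crash + restart: the new snapshot is already stale
    for p in relabel_targets(DISKS):  # guest completes: restore
        labels[p] = default_label(p) if use_policy_default else saved[p]
    return labels

if __name__ == "__main__":
    for name, flag in (("saved-at-start", False), ("policy default", True)):
        print(name, simulate(flag))
```
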