On 02/05/2014 11:47 AM, Ján Tomko wrote:
Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:
$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument
---
src/security/security_selinux.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
ACK.
+++ b/src/security/security_selinux.c
@@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
break;
case VIR_DOMAIN_SECLABEL_NONE:
- /* no op */
+ if (virSecuritySELinuxMCSGetProcessRange(&sens,
+ &catMin,
+ &catMax) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(mcs, sens) < 0)
+ goto cleanup;
+
break;
default:
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org