Re: [libvirt] [PATCH v2 15/21] qemu: Enter the namespace on relabelling

Instead of trying to fix our security drivers, we can use a simple trick to relabel paths in both namespace and the host. I mean, if we enter the namespace some paths are still shared with the host so any change done to them is visible from the host too. Therefore, we can just enter the namespace and call SetAllLabel()/RestoreAllLabel() from there. Yes, it has slight overhead because we have to fork in order to enter the namespace. But on the other hand, no complexity is added to our code. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/Makefile.am | 3 +- src/qemu/qemu_process.c | 15 +++--- src/qemu/qemu_security.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_security.h | 39 ++++++++++++++ 4 files changed, 181 insertions(+), 8 deletions(-) create mode 100644 src/qemu/qemu_security.c create mode 100644 src/qemu/qemu_security.h