Re: [libvirt] [PATCH 1/3] Add a function to the security driver API that sets the label of an open fd.

Tuesday, 25 January 2011

On 01/25/2011 12:48 PM, Daniel P. Berrange wrote:
...
 On Tue, Jan 25, 2011 at 04:24:18AM -0500, Laine Stump wrote:
> A need was found to set the SELinux context label on an open fd (a
> pipe, as a matter of fact). This patch adds a function to the security
> driver API that will set the label on an open fd to secdef.label. For
> all drivers other than the SELinux driver, it's a NOP. For the SElinux
> driver, it calls fsetfilecon().
>
> If the return is a failure, it only returns error up to the caller if
> 1) the desired label is different from the existing label, 2) the
> destination fd is of a type that supports setting the selinux context,
> and 3) selinux is in enforcing mode. Otherwise it will return
> success. This follows the pattern of the existing function
> SELinuxSetFilecon().
 ACK

Thanks. I'll hold off on pushing this just in case the discussion on 
PATCH 2/3 leads to a change requirement in this one.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH 1/3] Add a function to the security driver API that sets the label of an open fd.