On Tue, Apr 07, 2026 at 19:35:41 -0400, Cole Robinson wrote:
On 4/7/26 5:13 AM, Peter Krempa wrote:
On Thu, Apr 02, 2026 at 11:12:28 -0400, Cole Robinson via Devel wrote:
Fixed to abide domain seclabel model='dac' override
Signed-off-by: Cole Robinson <crobinso@redhat.com> --- src/qemu/qemu_domain.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d3daa0fe17..efbcdc6d2d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5832,10 +5832,13 @@ void qemuDomainObjCheckTaint(virQEMUDriver *driver, g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); qemuDomainObjPrivate *priv = obj->privateData; bool custom_hypervisor_feat = false; + uid_t uid; + gid_t gid;
+ qemuDomainGetImageIds(cfg, obj->def, NULL, NULL, &uid, &gid);
Thanks for the reviews! I pushed 1 and 14.
I've noticed this a bit further down, but this is the first point where the qemuDomainGetImageIds name is starting to become misleading. The seclabel of the whole VM object is considered here and doesn't depend on any 'image' uid/gid.
Renaming the function may be waranted before the whole refactor.
Yeah that's fair. qemuDomainGetDACIds sound good? Or just qemuDomainGetIds? qemuDomainGetUidGid ? naming is not my forte
I struggle with names too, that's why I didn't suggest any :D Anyways qemuDomainGetIds or qemuDomainGetUidGid would work for me, I guess I'd slightly prefer the latter.
Since you gave reviewed-by to 1-10 with comments, would you be fine with pushing those with function renamed and comments addressed, or rather I respin the whole series? I'm happy to do either
Once you rename qemuDomainGetImageIds and add error handling to it so that it can be used on code paths of inactive VMs you can use: Reviewed-by: Peter Krempa <pkrempa@redhat.com> on the rest of the series. IIRC Except for one comment all of my comments will be addressed by the rename and error handling.