On Thu, Apr 02, 2026 at 11:12:28 -0400, Cole Robinson via Devel wrote:
Fixed to abide domain seclabel model='dac' override
Signed-off-by: Cole Robinson <crobinso@redhat.com> --- src/qemu/qemu_domain.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d3daa0fe17..efbcdc6d2d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5832,10 +5832,13 @@ void qemuDomainObjCheckTaint(virQEMUDriver *driver, g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); qemuDomainObjPrivate *priv = obj->privateData; bool custom_hypervisor_feat = false; + uid_t uid; + gid_t gid;
+ qemuDomainGetImageIds(cfg, obj->def, NULL, NULL, &uid, &gid);
I've noticed this a bit further down, but this is the first point where the qemuDomainGetImageIds name is starting to become misleading. The seclabel of the whole VM object is considered here and doesn't depend on any 'image' uid/gid. Renaming the function may be waranted before the whole refactor.