On Fri, Aug 10, 2012 at 02:55:24PM -0600, Eric Blake wrote:
On 08/10/2012 07:48 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
When generating an SELinux context for a VM from the template "system_u:system_r:svirt_t:s0", copy the role + user from the current process instead of the template context. So if the current process is
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
then the VM context ends up as
unconfined_u:unconfined_r:svirt_t:s0:c386,c703
instead of
system_u:system_r:svirt_t:s0:c177,c424
virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs) { - context_t context; + context_t context = NULL; char *ret = NULL; char *str; + security_context_t curseccontext = NULL;
When I first read this, I wondered why you felt the context of the C language was worth cursing - is it really hard to manage security labels in the C language? Adding some underscores would not hurt, since you meant cur_sec_context and not curse_c_context :)
Changed it to ourSecContext :-) Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|