On 02/05/2014 11:47 AM, Ján Tomko wrote:
Commit 2ce63c1 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label:
$ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument --- src/security/security_selinux.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
ACK.
+++ b/src/security/security_selinux.c @@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, break;
case VIR_DOMAIN_SECLABEL_NONE: - /* no op */ + if (virSecuritySELinuxMCSGetProcessRange(&sens, + &catMin, + &catMax) < 0) + goto cleanup; + + if (VIR_STRDUP(mcs, sens) < 0) + goto cleanup; + break;
default:
-- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org