$SUBJ s/dac/selinux On 09/10/2018 05:36 AM, Michal Privoznik wrote:
Lock all the paths we want to relabel to mutually exclude other libvirt daemons.
The only culprit here hitch here is that directories can't be
Where have I seen this before?
locked. Therefore, when relabeling a directory do not lock it (this happens only when setting up some domain private paths anyway, e.g. huge pages directory).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_selinux.c | 43 +++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-)
I shall say "similar comments to my DAC review" (ref/unref, more comments in TransactionRun, and if you want use rv = *SetFilecon* and if (rv < 0) break... And, then you can apply the Reviewed-by: John Ferlan <jferlan@redhat.com> John