Re: [libvirt] [PATCH v4 23/23] security_dac: Lock metadata when running transaction
$SUBJ
s/dac/selinux
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
Lock all the paths we want to relabel to mutually exclude other
libvirt daemons.
The only culprit here hitch here is that directories can't be
Where have I seen this before?
locked. Therefore, when relabeling a directory do not lock it
(this happens only when setting up some domain private paths
anyway, e.g. huge pages directory).
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_selinux.c | 43 +++++++++++++++++++++++++++++++++++------
1 file changed, 37 insertions(+), 6 deletions(-)
I shall say "similar comments to my DAC review" (ref/unref, more
comments in TransactionRun, and if you want use rv = *SetFilecon* and if
(rv < 0) break...
And, then you can apply the
Reviewed-by: John Ferlan <jferlan(a)redhat.com>
John