From: "Richard W.M. Jones" <rjones(a)redhat.com>
libvirt skips labelling these, for unknown reasons. This breaks
libguestfs. Adding this and some SELinux rules (RHBZ#857453) fixes
everything for me.
---
src/security/security_selinux.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a7e2420..4214105 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1233,6 +1233,14 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
ret = virSecuritySELinuxSetFilecon(dev->data.file.path,
secdef->imagelabel);
break;
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxSetFilecon(dev->data.file.path,
secdef->imagelabel) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
{
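Review bot: The new `VIR_DOMAIN_CHR_TYPE_UNIX` case tests `dev->data.nix.listen` but then passes `dev->data.file.path` to `virSecuritySELinuxSetFilecon`, so it reads the path through a different member of the chardev source data than the one that belongs to a UNIX socket. This presumably works only because both members happen to store `path` at the same position; use `dev->data.nix.path` so the label is applied to the path the UNIX source actually holds. The restore hunk has the same problem and should call `virSecuritySELinuxRestoreSecurityFileLabel(dev->data.nix.path)`. Because this relabels a socket that libvirt did not create so the confined guest can reach it, a comment such as `/* client-mode socket: created by the peer, relabel so the guest can connect */` would record why only the `!listen` case is labelled. The enclosing function starts and ends outside the hunk.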
@@ -1284,6 +1292,15 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done;
ret = 0;
break;
+
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) <
0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0)
||
(virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
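Review bot: In the restore path, a failed `virSecuritySELinuxRestoreSecurityFileLabel` on a client-mode socket does `goto done`, which presumably leaves `ret` at its error value and fails the whole chardev restore. The socket in the `!listen` case is created and removed by the peer process rather than by libvirt, so it may already be gone when labels are restored. If the helper reports an error for a missing path (its body is not visible here), domain teardown would return a spurious failure. Consider tolerating that case, or at least documenting it with `/* peer may already have unlinked the socket */`. The enclosing function continues outside the hunk.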
--
1.7.10.4