Re: [libvirt] Resubmission: [PATCH 1/6] sVirt AppArmor security driver

> [PATCH 1*] > patch_1a_reenable-nonfile-labels.patch: > When James Morris originally submitted his sVirt patches (as seen in > libvirt 0.6.1), he did not require on disk labelling for > virSecurityDomainRestoreImageLabel. A later commit[2] changed this > behavior to assume on disk labelling, which halts implementations for > path-based MAC systems such as AppArmor and TOMOYO where > vm->def->seclabel is required to obtain the label. This patch simply > adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel. > > patch_1b_optional.patch: > Due to the above change, 'make syntax-check' fails because > SELinuxRestoreSecurityImageLabel() does not use the 'virDomainObjPtr > vm'. patch_1b_optional.patch is a simple patch to fix this by checking > if vm->def->seclabel == NULL and returns with error if it does. I > realize this may not be desired in the long term, but it should be > harmless enough to include. >