Re: [PATCH v7 12/14] security: Always forget labels for TPM state directory

In the case of outgoing migration, we avoid restoring the remembered labels for the TPM state directory because doing so would risk cutting off storage access for the target node. Even in that case though, we should still forget (unref) the remembered labels: if we don't, the source node will keep thinking that the state directory is in use. Note that this change only affects the SELinux driver because the DAC driver doesn't currently implement label remembering for TPM state at all. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com&gt; --- src/security/security_selinux.c | 49 +++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+)