
On Wed, May 25, 2016 at 16:53:25 +0200, Peter Krempa wrote:
On Mon, May 23, 2016 at 20:01:18 +0200, Ján Tomko wrote:
Add support for the slic_table to the security drivers.
In this case, you should add a note to the documentation that the file is not treated as shared and should be copied for every VM to avoid problems as with shared kernel files.
--- src/security/security_dac.c | 5 +++++ src/security/security_selinux.c | 5 +++++ src/security/virt-aa-helper.c | 4 ++++ 3 files changed, 14 insertions(+)a
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index df3ed47..442ce70 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1218,6 +1218,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, def->os.dtb, user, group) < 0) return -1;
+ if (def->os.slic_table && + virSecurityDACSetOwnership(priv, NULL, + def->os.slic_table, user, group) < 0) + return -1; + return 0; }
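Review bot: The new block in virSecurityDACSetAllLabel hands ownership of def->os.slic_table to the domain's user and group, but the diffstat shows only these 5 insertions in security_dac.c, so nothing in this patch undoes the chown when the domain stops. Either add the matching call in the restore path, or, if the table is meant to be handled like the def->os.dtb file just above it and left as is, state that in the commit message and the documentation so it is clear whether one table file can back several VMs. The security_selinux.c and virt-aa-helper.c changes listed in the diffstat are not shown here and need the same decision made consistently.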
All 3 security driver IMPLs are missing addition to virSecurity.*RestoreAllLabel.
I've noticed that they are actually considered shared, thus ACK without any change.