Use virStorageFileProbeHeader() to find any backing stores for images
and re-label them.
Without this, qemu cannot access qcow2 backing files, see:
https://bugzilla.redhat.com/497131
* src/security/security_selinux.c: re-label backing store files in
SELinuxSetSecurityImageLabel()
---
src/security/security_selinux.c | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b84de8f..f415118 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -27,6 +27,7 @@
#include "logging.h"
#include "pci.h"
#include "hostusb.h"
+#include "storage_file.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
@@ -403,10 +404,35 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const char *path;
+ char *backingStore = NULL;
if (!disk->src)
return 0;
+ path = disk->src;
+ do {
+ int ret;
+
+ ret = virStorageFileProbeHeader(conn, path, NULL, &backingStore,
+ NULL, NULL, NULL, NULL);
+
+ if (path != disk->src)
+ VIR_FREE(path);
+ path = NULL;
+
+ if (ret < 0)
+ return -1;
+
+ if (backingStore != NULL &&
+ SELinuxSetFilecon(conn, backingStore, default_content_context) < 0) {
+ VIR_FREE(backingStore);
+ return -1;
+ }
+
+ path = backingStore;
+ } while (path != NULL);
+
if (disk->shared) {
return SELinuxSetFilecon(conn, disk->src, default_image_context);
} else if (disk->readonly) {
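Review bot: The `do { … } while (path != NULL)` walk has no bound and no check on what it relabels: every `backingStore` string is read from an image header and passed straight to `SELinuxSetFilecon(conn, backingStore, default_content_context)`. A chain that refers back to itself would keep libvirtd in this loop indefinitely, and where the guest can write to its own image the header is not trusted data, so whatever path it names (possibly relative, possibly outside the storage area) gets labelled for qemu access. I would cap the depth, e.g. `if (++depth > MAX_DEPTH) { VIR_FREE(backingStore); return -1; }` with `MAX_DEPTH` standing in for a limit the project chooses, and check the path against the locations this domain is allowed to use before labelling it. The loop also appears to rely on virStorageFileProbeHeader() resetting `backingStore` to NULL when there is no backing file; if it does not, the pointer just released by `VIR_FREE(path)` is used again, so setting `backingStore = NULL;` before the call would be safer. The body of SELinuxSetSecurityImageLabel() starts and ends outside this hunk.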
ACK to the principle of this patch, though obviously the changes suggested
earlier in the series would impact the actual code a little.
Daniel
--
|: Red Hat, Engineering, London -o-
:|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|