
On Fri, Sep 25, 2009 at 02:27:33PM +0100, Mark McLoughlin wrote:
Use virStorageFileProbeHeader() to find any backing stores for images and re-label them
Without this, qemu cannot access qcow2 backing files, see:
https://bugzilla.redhat.com/497131
* src/security/security_selinux.c: re-label backing store files in SELinuxSetSecurityImageLabel()
---
 src/security/security_selinux.c | 26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b84de8f..f415118 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -27,6 +27,7 @@
 #include "logging.h"
 #include "pci.h"
 #include "hostusb.h"
+#include "storage_file.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
@@ -403,10 +404,35 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
 {
 const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const char *path;
+ char *backingStore = NULL;
if (!disk->src) return 0;
+ path = disk->src;
+ do {
+ int ret;
+
+ ret = virStorageFileProbeHeader(conn, path, NULL, &backingStore,
+ NULL, NULL, NULL, NULL);
+
+ if (path != disk->src)
+ VIR_FREE(path);
+ path = NULL;
+
+ if (ret < 0)
+ return -1;
+
+ if (backingStore != NULL &&
+ SELinuxSetFilecon(conn, backingStore, default_content_context) < 0) {
+ VIR_FREE(backingStore);
+ return -1;
+ }
+
+ path = backingStore;
+ } while (path != NULL);
+
 if (disk->shared) {
 return SELinuxSetFilecon(conn, disk->src, default_image_context);
 } else if (disk->readonly) {
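Review bot: In the new `do { … } while (path != NULL)` loop every path reported by `virStorageFileProbeHeader()` is handed to `SELinuxSetFilecon()`, but that path is read out of the image header, so whoever can write the image contents decides which host file is relabelled to `default_content_context`. Nothing visible in the hunk limits probing to disks whose configured format can carry a backing file or checks the reported path against an expected location, and I would add such a gate before the relabel. The walk also has no depth limit, so a chain whose header points back at itself would never terminate; a small counter that frees `backingStore` and returns -1 past a fixed limit bounds it. Separately, `backingStore` is initialised only once, so `backingStore = NULL;` at the top of each iteration avoids reusing the just-freed pointer should the probe leave the out-parameter untouched (its contract is not visible here). The function body continues past the end of the hunk.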
ACK, to the principle of this patch, though obviously suggested changes earlier in the series would impact the actual code a little. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|