On 08/16/2012 12:10 AM, Marcelo Cerri wrote:
- if (!def->seclabels[0]->norelabel) { - def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext( - data->file_context, mcs); - if (!def->seclabels[0]->imagelabel) { + if (!seclabel->norelabel) { + seclabel->imagelabel = virSecuritySELinuxGenNewContext( + data->domain_context, mcs); + if (!seclabel->imagelabel) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate selinux context for %s"), mcs); goto cleanup; } }
- if (!def->seclabels[0]->model && - !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) { + if (!seclabel->model && + !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) { virReportOOMError(); goto cleanup; }
the patch breaks the object labelling again ... please apply the following patch to fix, thanks! Image context must always use data->file_context. Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com> --- src/security/security_selinux.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index eea8fbd..da2a9c4 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -450,9 +450,10 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr, } if (!seclabel->norelabel) { - seclabel->imagelabel = virSecuritySELinuxGenNewContext(data->domain_context, - mcs, - true); + seclabel->imagelabel = + virSecuritySELinuxGenNewContext(data->file_context, + mcs, + true); if (!seclabel->imagelabel) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate selinux context for %s"), mcs); -- 1.7.0.4 -- Mit freundlichen Grüßen/Kind Regards Viktor Mihajlovski IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294