Re: [libvirt] [PATCH v4 3/5] Update security layer to handle many security labels
On 08/16/2012 12:10 AM, Marcelo Cerri wrote:
- if (!def->seclabels[0]->norelabel) {
- def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext(
- data->file_context, mcs);
- if (!def->seclabels[0]->imagelabel) {
+ if (!seclabel->norelabel) {
+ seclabel->imagelabel = virSecuritySELinuxGenNewContext(
+ data->domain_context, mcs);
+ if (!seclabel->imagelabel) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"),
mcs);
goto cleanup;
}
}
- if (!def->seclabels[0]->model &&
- !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) {
+ if (!seclabel->model &&
+ !(seclabel->model = strdup(SECURITY_SELINUX_NAME))) {
virReportOOMError();
goto cleanup;
}
the patch breaks the object labelling again ... please apply the following patch to fix,
thanks!
Image context must always use data->file_context.
Signed-off-by: Viktor Mihajlovski <mihajlov(a)linux.vnet.ibm.com>
---
src/security/security_selinux.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index eea8fbd..da2a9c4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -450,9 +450,10 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
if (!seclabel->norelabel) {
- seclabel->imagelabel =
virSecuritySELinuxGenNewContext(data->domain_context,
- mcs,
- true);
+ seclabel->imagelabel =
+ virSecuritySELinuxGenNewContext(data->file_context,
+ mcs,
+ true);
if (!seclabel->imagelabel) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
--
1.7.0.4
--
Mit freundlichen Grüßen/Kind Regards
Viktor Mihajlovski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294