[PATCH v2 06/13] security: selinux: handle qcow2 data-file on image label set/restore
Signed-off-by: Nikolai Barybin <nikolai.barybin(a)virtuozzo.com>
---
src/security/security_selinux.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 31df4d22db..6d0611fe50 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1871,7 +1871,12 @@ virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags
G_GNUC_UNUSED)
{
- return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
+ int rc = virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
+
+ if (rc == 0 && src->dataFileStore)
+ rc = virSecuritySELinuxRestoreImageLabelInt(mgr, def, src->dataFileStore,
false);
+
+ return rc;
}
@@ -1996,6 +2001,10 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, isChainTop) <
0)
return -1;
+ if (n->dataFileStore &&
+ virSecuritySELinuxSetImageLabelInternal(mgr, def, n->dataFileStore,
parent, isChainTop) < 0)
+ return -1;
+
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
break;
@@ -2843,9 +2852,12 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i];
-
- if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
- migrated) < 0)
+ int ret = virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
+ migrated);
+ if (ret == 0 && disk->src->dataFileStore)
+ ret = virSecuritySELinuxRestoreImageLabelInt(mgr, def,
disk->src->dataFileStore,
+ migrated);
+ if (ret < 0)
rc = -1;
}
--
2.43.5