Re: [libvirt] [PATCH] storage: qemu: Fix security labelling of new image chain elements

When creating a disk image snapshot the libvirt code would blindly copy the parents label to the newly created image. This runs into problems when you start a VM from an image hosted on NFS (or other storage system that doesn't support selinux labels) and the snapshot destination is on a storage system that does support selinux labels. Libvirt's code in that case generates a different security label for the image hosted on NFS. This label is valid only for NFS images and doesn't allow access in case of a locally stored image. To fix this issue libvirt needs to refrain from copying security information in cases where the default domain seclabel is a better choice. This patch repurposes the now unused @force argument of virStorageSourceInitChainElement to denote whether a copy of the security labelling stuff should be attempted or not. This allows to fine-control the copy operation for cases where we need to keep the label of the old disk vs. the cases where we need to keep the label unset to use the default domain imagelabel. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718 ---

+ * If @transferLabels is true, security labels from the existing disk are copied + * to the new disk. Otherwise the default domain imagelabel label will be used. * * Returns 0 on success, -1 on error. */ int virStorageSourceInitChainElement(virStorageSourcePtr newelem, virStorageSourcePtr old, - bool force) + bool transferLables)