[libvirt] [PATCH] security: Re-apply commit ce53382ba28179d3a504b29b4f888b6e130d53f0
Recent changes in the security driver discarded changes that fixed labeling un-confined guests. --- src/security/security_manager.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 367f7ad..07f5a9b 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -340,10 +340,12 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, } if (seclabel->type == VIR_DOMAIN_SECLABEL_DEFAULT) { - if (sec_managers[i]->defaultConfined) + if (sec_managers[i]->defaultConfined) { seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC; - else + } else { seclabel->type = VIR_DOMAIN_SECLABEL_NONE; + seclabel->norelabel = true; + } } if ((seclabel->type == VIR_DOMAIN_SECLABEL_NONE) && -- 1.7.12
On Thu, Aug 30, 2012 at 04:22:48PM +0200, Peter Krempa wrote:
Recent changes in the security driver discarded changes that fixed labeling un-confined guests. --- src/security/security_manager.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 367f7ad..07f5a9b 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -340,10 +340,12 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, }
if (seclabel->type == VIR_DOMAIN_SECLABEL_DEFAULT) { - if (sec_managers[i]->defaultConfined) + if (sec_managers[i]->defaultConfined) { seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC; - else + } else { seclabel->type = VIR_DOMAIN_SECLABEL_NONE; + seclabel->norelabel = true; + } }
if ((seclabel->type == VIR_DOMAIN_SECLABEL_NONE) &&
ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On 08/30/12 16:33, Daniel Veillard wrote:
On Thu, Aug 30, 2012 at 04:22:48PM +0200, Peter Krempa wrote:
Recent changes in the security driver discarded changes that fixed labeling un-confined guests. --- src/security/security_manager.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
...
ACK,
Pushed, thanks. Peter
Daniel
participants (2)
-
Daniel Veillard -
Peter Krempa