On Mon, May 23, 2011 at 10:03:58PM +0200, Christian Brunner wrote:

Restoring security labels on network shares doesn't work and will cause an error. Therefore it should be skipped.

Signed-off-by: Christian Brunner <chb@muc.de> --- src/security/security_dac.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c index fba2d1d..02c0bc1 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -213,6 +213,13 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, if (!disk->src) return 0;

+ /* Don't restore labels on network shares */ + if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) { + VIR_DEBUG("Skipping image label restore on %s because FS is of type network", + disk->src); + return 0; + } +

There needs to be more than just this. We should also skip it in the virSecurityDACSetSecurityImageLabel call, and also do both for TYPE_DIR too Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|