[libvirt] [PATCH] qemu: Don't enable seclabel remembering for session mode

The session daemon is unable to set XATTRs in 'trusted' namespace because it doesn't run as privileged process. Therefore, when creating the default qemu config enable rememberOwner only when running as privileged process. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 3718ca6c22..20952e9607 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -145,7 +145,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged) cfg->group = (gid_t)-1; } cfg->dynamicOwnership = privileged; - cfg->rememberOwner = true; + cfg->rememberOwner = privileged; cfg->cgroupControllers = -1; /* -1 == auto-detect */ -- 2.19.2
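Review bot: The changed assignment `cfg->rememberOwner = privileged;` in virQEMUDriverConfigNew() has no comment explaining why the default depends on privilege. The reason (an unprivileged process cannot set XATTRs in the 'trusted' namespace) is recorded only in the commit message. A one-line comment above the assignment would keep it from reading as a copy of the `cfg->dynamicOwnership = privileged;` line just before it. The hunk also changes only the default value. Whether a session-mode setup that explicitly turns the setting back on is rejected or fails later cannot be seen in these lines, and is worth confirming wherever the configuration value is overridden.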

On Thu, Jan 10, 2019 at 02:02:33PM +0100, Michal Privoznik wrote:
The session daemon is unable to set XATTRs in 'trusted' namespace because it doesn't run as privileged process. Therefore, when creating the default qemu config enable rememberOwner only when running as privileged process.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano