[libvirt] Problem with the current svirt patch

Daniel J Walsh dwalsh at redhat.com
Fri Mar 13 15:03:26 UTC 2009


The current svirt patch relabels all disks to the image_t:MCS, which is 
incorrect.  Read-only disks and shareable disks should not be labeled.

Also, when libvirt has finished running the image, it needs to relabel the 
image back to something sane.  Right now it is labeling everything
imagelabel:s0, including physical disk partitions.  I considered two 
ways of labeling the "disk" back.  We can either grab the label when 
libvirt starts and change it back to this label whenever an image 
completes, or we can ask the system what the label should be 
(matchpathcon).  I originally coded up the first, but quickly realized that if 
anything went wrong with libvirt labeling, like a crash, the labels on 
disk could be wrong, and libvirt would continuously set them to this 
wrong label.  With matchpathcon, libvirt will at least set them to 
something sane.

So this patch removes labeling of read-only and shared disks and restores 
the image's label to the system default when the image completes.

I would really like to get this in ASAP, since currently libvirt is 
relabeling the cdrom to virt_image_t when it is complete, as well as 
physical disks.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: svirt.patch
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090313/fa0c6507/attachment-0001.ksh>
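
The labeling rules described in the message above, as an added sketch that is not the attached svirt.patch and not libvirt code. The `policy` table is a constructed stand-in for the file-context lookup that matchpathcon performs, and the paths, labels and helper names (`policy_default`, `label_for_guest`, `restore_default`) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the policy file-context database that
 * matchpathcon() consults on a real system; labels are sample values. */
struct fc { const char *prefix, *label; };
static const struct fc policy[] = {
    { "/dev/sr",                  "system_u:object_r:removable_device_t:s0" },
    { "/dev/sd",                  "system_u:object_r:fixed_disk_device_t:s0" },
    { "/var/lib/libvirt/images/", "system_u:object_r:virt_image_t:s0" },
};

struct disk { const char *path; int readonly, shared; char label[96]; };

/* Hypothetical helper: the label policy says this path should carry. */
static const char *policy_default(const char *path) {
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (!strncmp(path, policy[i].prefix, strlen(policy[i].prefix)))
            return policy[i].label;
    return NULL;
}

/* Read-only and shareable disks are never relabeled. */
static int is_relabeled(const struct disk *d) { return !d->readonly && !d->shared; }

/* Guest start: only exclusive, writable disks get the per-guest label. */
static void label_for_guest(struct disk *d, const char *imagelabel) {
    if (is_relabeled(d)) snprintf(d->label, sizeof d->label, "%s", imagelabel);
}

/* Guest stop: take the label from policy, not from a value saved earlier.
 * Returns 0 on success, -1 if policy has no entry (label left unchanged). */
static int restore_default(struct disk *d) {
    const char *def = policy_default(d->path);
    if (!is_relabeled(d)) return 0;
    if (!def) return -1;
    snprintf(d->label, sizeof d->label, "%s", def);
    return 0;
}

int main(void) {
    /* Constructed disks: a writable partition and a read-only CD-ROM. */
    struct disk hd = { "/dev/sdb1", 0, 0, "" }, cd = { "/dev/sr0", 1, 0, "" };
    label_for_guest(&hd, "system_u:object_r:virt_image_t:s0:c10,c20");
    label_for_guest(&cd, "system_u:object_r:virt_image_t:s0:c10,c20");
    int rc = restore_default(&hd) | restore_default(&cd);
    printf("hd=%s cd=%s rc=%d\n", hd.label, cd.label, rc);
    return rc;
}
```

Because the restore step never reads a previously saved label, a partition left with a guest label by a crashed run is still returned to its policy default on the next stop.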

