[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 0/2] Don't lose running domains configured with no seclabel

From: Jiri Denemark <jdenemar redhat com>
To: libvir-list redhat com
Subject: [libvirt] [PATCH 0/2] Don't lose running domains configured with no seclabel
Date: Tue, 7 Feb 2012 21:10:41 +0100

It's not exactly obvious but these two patches fix quite an ugly bug affecting
setups without any useful security driver (i.e., either explicitly or
implicitly using driver 'none').

When a domain is defined without any <seclabel> element in its XML and started
by libvirt, an incorrect <seclabel> element is put into its runtime XML
configuration which causes such domain to disappear from libvirt when libvirtd
is restarted. Without these patches, the incorrect element is

    <seclabel type='dynamic' relabel='yes'/>

after applying patch 2/2, the element is

    <seclabel type='none' relabel='yes'/>

which is still wrong and after applying both of these patches, correct element

    <seclabel type='none'/>

is placed into the runtime XML configuration.

Jiri Denemark (2):
  seclabel: Do not output relabel attribute for type 'none'
  security: Driver 'none' cannot create confined guests

 src/conf/domain_conf.c                             |    9 +++++----
 src/security/security_manager.c                    |   20 ++++++++++++++++++++
 .../qemuxml2argv-seclabel-none.xml                 |    2 +-
 tests/seclabeltest.c                               |    2 +-
 4 files changed, 27 insertions(+), 6 deletions(-)

-- 
1.7.8.4

Follow-Ups:
- [libvirt] [PATCH 1/2] seclabel: Do not output relabel attribute for type 'none'
  - From: Jiri Denemark
- [libvirt] [PATCH 2/2] security: Driver 'none' cannot create confined guests
  - From: Jiri Denemark

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]