rpms/libvirt/F-11 libvirt-0.6.2-shared-readonly-label.patch, NONE, 1.1 libvirt.spec, 1.125, 1.126
Daniel P. Berrange
berrange at fedoraproject.org
Tue May 5 13:01:45 UTC 2009
- Previous message (by thread): rpms/ipsec-tools/F-10 ipsec-tools-0.7.2-natt-linux.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 ipsec-tools.spec, 1.61, 1.62 sources, 1.13, 1.14 ipsec-tools-0.7.1-natt-linux.patch, 1.1, NONE
- Next message (by thread): rpms/openoffice.org/F-11 openoffice.org-3.1.0.ooo101566.svtools.nodefaultwmfwidth.patch, NONE, 1.1 openoffice.org.spec, 1.1905, 1.1906
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: berrange
Update of /cvs/pkgs/rpms/libvirt/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29280
Modified Files:
libvirt.spec
Added Files:
libvirt-0.6.2-shared-readonly-label.patch
Log Message:
Fix labelling of shared/readonly disks (rhbz #493692)
libvirt-0.6.2-shared-readonly-label.patch:
--- NEW FILE libvirt-0.6.2-shared-readonly-label.patch ---
diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_selinux.c
--- libvirt-0.6.2/src/security_selinux.c 2009-04-03 15:36:56.000000000 +0100
+++ libvirt-0.6.2.new/src/security_selinux.c 2009-05-05 13:39:42.000000000 +0100
@@ -24,11 +24,12 @@
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
-
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
static char default_domain_context[1024];
+static char default_content_context[1024];
static char default_image_context[1024];
#define SECURITY_SELINUX_VOID_DOI "0"
#define SECURITY_SELINUX_NAME "selinux"
@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn)
close(fd);
ptr = strchrnul(default_image_context, '\n');
- *ptr = '\0';
-
+ if (*ptr == '\n') {
+ *ptr = '\0';
+ strcpy(default_content_context, ptr+1);
+ ptr = strchrnul(default_content_context, '\n');
+ if (*ptr == '\n')
+ *ptr = '\0';
+ }
return 0;
}
@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, co
{
char ebuf[1024];
+ VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
+
if(setfilecon(path, tcon) < 0) {
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
@@ -299,6 +307,8 @@ SELinuxRestoreSecurityImageLabel(virConn
char *newpath = NULL;
const char *path = disk->src;
+ /* Don't restore labels on readoly/shared disks, because
+ * other VMs may still be accessing these */
if (disk->readonly || disk->shared)
return 0;
@@ -328,8 +338,13 @@ SELinuxSetSecurityImageLabel(virConnectP
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- if (secdef->imagelabel)
+ if (disk->shared) {
+ return SELinuxSetFilecon(conn, disk->src, default_image_context);
+ } else if (disk->readonly) {
+ return SELinuxSetFilecon(conn, disk->src, default_content_context);
+ } else if (secdef->imagelabel) {
return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
+ }
return 0;
}
@@ -403,9 +418,6 @@ SELinuxSetSecurityLabel(virConnectPtr co
if (secdef->imagelabel) {
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (vm->def->disks[i]->readonly ||
- vm->def->disks[i]->shared) continue;
-
if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
return -1;
}
Index: libvirt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/F-11/libvirt.spec,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -p -r1.125 -r1.126
--- libvirt.spec 28 Apr 2009 10:57:59 -0000 1.125
+++ libvirt.spec 5 May 2009 13:01:15 -0000 1.126
@@ -66,13 +66,15 @@
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.6.2
-Release: 3%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
# Patches cherry-picked from upstream
Patch0: libvirt-0.6.2-qemu-drive-format.patch
+# Fix shared/readonly disk labelling
+Patch1: libvirt-0.6.2-shared-readonly-label.patch
# Not for upstream. Temporary hack till PulseAudio autostart
# problems are sorted out when SELinux enforcing
@@ -228,6 +230,7 @@ of recent versions of Linux (and other O
%setup -q
%patch0 -p1
+%patch1 -p1
%patch200 -p0
@@ -551,6 +554,9 @@ fi
%endif
%changelog
+* Tue May 5 2009 Daniel P. Berrange <berrange at redhat.com> - 0.6.2-4.fc11
+- Fix labelling of shared/readonly disks (rhbz #493692)
+
* Tue Apr 28 2009 Daniel Veillard <veillard at redhat.com> - 0.6.2-3.fc11
- Fix missing directories in spec (#496945 and gtk-doc)
- Previous message (by thread): rpms/ipsec-tools/F-10 ipsec-tools-0.7.2-natt-linux.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 ipsec-tools.spec, 1.61, 1.62 sources, 1.13, 1.14 ipsec-tools-0.7.1-natt-linux.patch, 1.1, NONE
- Next message (by thread): rpms/openoffice.org/F-11 openoffice.org-3.1.0.ooo101566.svtools.nodefaultwmfwidth.patch, NONE, 1.1 openoffice.org.spec, 1.1905, 1.1906
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list