[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 7/7] Re-label image file backing stores



Use virStorageFileProbeHeader() to find any backing stores for images
and re-label them

Without this, qemu cannot access qcow2 backing files, see:

  https://bugzilla.redhat.com/497131

* src/security/security_selinux.c: re-label backing store files in
  SELinuxSetSecurityImageLabel()
---
 src/security/security_selinux.c |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b84de8f..f415118 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -27,6 +27,7 @@
 #include "logging.h"
 #include "pci.h"
 #include "hostusb.h"
+#include "storage_file.h"
 
 #define VIR_FROM_THIS VIR_FROM_SECURITY
 
@@ -403,10 +404,35 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
 
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+    const char *path;
+    char *backingStore = NULL;
 
     if (!disk->src)
         return 0;
 
+    path = disk->src;
+    do {
+        int ret;
+
+        ret = virStorageFileProbeHeader(conn, path, NULL, &backingStore,
+                                        NULL, NULL, NULL, NULL);
+
+        if (path != disk->src)
+            VIR_FREE(path);
+        path = NULL;
+
+        if (ret < 0)
+            return -1;
+
+        if (backingStore != NULL &&
+            SELinuxSetFilecon(conn, backingStore, default_content_context) < 0) {
+            VIR_FREE(backingStore);
+            return -1;
+        }
+
+        path = backingStore;
+    } while (path != NULL);
+
     if (disk->shared) {
         return SELinuxSetFilecon(conn, disk->src, default_image_context);
     } else if (disk->readonly) {
-- 
1.6.2.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]