[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[libvirt] Re: [PATCH 6/6] Re-label image file backing stores

From: "Daniel P. Berrange" <berrange redhat com>
To: Mark McLoughlin <markmc redhat com>
Cc: libvir-list redhat com
Subject: [libvirt] Re: [PATCH 6/6] Re-label image file backing stores
Date: Wed, 30 Sep 2009 10:29:21 +0100

On Tue, Sep 29, 2009 at 09:56:49AM +0100, Mark McLoughlin wrote:
> Use virStorageFileGetMetadata() to find any backing stores for images
> and re-label them
> 
> Without this, qemu cannot access qcow2 backing files, see:
> 
>   https://bugzilla.redhat.com/497131
> 
> * src/security/security_selinux.c: re-label backing store files in
>   SELinuxSetSecurityImageLabel()
> ---
>  src/security/security_selinux.c |   28 ++++++++++++++++++++++++++++
>  1 files changed, 28 insertions(+), 0 deletions(-)
> 
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index b84de8f..670fcb2 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -27,6 +27,7 @@
>  #include "logging.h"
>  #include "pci.h"
>  #include "hostusb.h"
> +#include "storage_file.h"
>  
>  #define VIR_FROM_THIS VIR_FROM_SECURITY
>  
> @@ -403,10 +404,37 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
>  
>  {
>      const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
> +    const char *path;
>  
>      if (!disk->src)
>          return 0;
>  
> +    path = disk->src;
> +    do {
> +        virStorageFileMetadata meta;
> +        int ret;
> +
> +        memset(&meta, 0, sizeof(meta));
> +
> +        ret = virStorageFileGetMetadata(conn, path, &meta);
> +
> +        if (path != disk->src)
> +            VIR_FREE(path);
> +        path = NULL;
> +
> +        if (ret < 0)
> +            return -1;
> +
> +        if (meta.backingStore != NULL &&
> +            SELinuxSetFilecon(conn, meta.backingStore,
> +                              default_content_context) < 0) {
> +            VIR_FREE(meta.backingStore);
> +            return -1;
> +        }
> +
> +        path = meta.backingStore;
> +    } while (path != NULL);
> +
>      if (disk->shared) {
>          return SELinuxSetFilecon(conn, disk->src, default_image_context);
>      } else if (disk->readonly) {

ACK

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

References:
- Re: [libvirt] [PATCH 6/7] Move virStorageBackendProbeTarget to libvirt_util
  - From: Daniel P. Berrange
- [libvirt] [PATCH 6/6] Re-label image file backing stores
  - From: Mark McLoughlin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]