[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 0/3] Fix domain restore problems when selinux is enforcing



Prior to this patch series, restoring a domain with selinux set to
enforcing would fail, because the function that sets the label on the
file to allow qemu to read it did not have the name of the file (see
the comments in the individual patches). A patch from Jamie Stranboge
(2b57478ef0a0a983cc6a47b98300c8359f9708d0) added the filename to the
args passed down into the security driver; the first patch of this
series takes advantage of that to properly set the label.

Patches 2 and 3 solve a problem with restoring a domain from an NFS
share - in this case the selinux functions will fail (as will
functions trying to set the uid of the file, if it is a root-squashed
share). The solution to this is just ignore the
failure. qemudDomainSaveFlag previously had a bit of code that
detected if a particular path was on an NFS share; this code was moved
into a utility function so it could be re-used during domain restore -
if the security driver fails to set the label, and the file is on an
NFS share, we ignore the failure, otherwise we behave as before.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]