[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v3 0/3] Correctly label migration TCP socket



With current libvirt and qemu, migration is not working if SELinux is in
enforcing mode, since the TCP socket we pass to qemu is not labeled in a way
that would allow qemu to read from it.

After this patchset, migration works even in enforcing mode.

Jiri Denemark (3):
  security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
  security: Introduce SetSocketLabel
  qemu: Correctly label migration TCP socket

 src/libvirt_private.syms        |    1 +
 src/qemu/qemu_migration.c       |    5 +++-
 src/qemu/qemu_process.c         |    3 +-
 src/security/security_dac.c     |   11 +++++++++-
 src/security/security_driver.h  |    3 ++
 src/security/security_manager.c |   10 +++++++++
 src/security/security_manager.h |    2 +
 src/security/security_nop.c     |    7 ++++++
 src/security/security_selinux.c |   42 +++++++++++++++++++++++++++++++++++++-
 src/security/security_stack.c   |   17 +++++++++++++++
 10 files changed, 96 insertions(+), 5 deletions(-)

-- 
1.7.6.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]