[libvirt] [PATCH 1/3] Add a function to the security driver API that sets the label of an open fd.

Laine Stump laine at laine.org
Wed Jan 26 14:04:17 UTC 2011


On 01/25/2011 04:03 PM, Laine Stump wrote:
> On 01/25/2011 12:48 PM, Daniel P. Berrange wrote:
>> On Tue, Jan 25, 2011 at 04:24:18AM -0500, Laine Stump wrote:
>>> A need was found to set the SELinux context label on an open fd (a
>>> pipe, as a matter of fact). This patch adds a function to the security
>>> driver API that will set the label on an open fd to secdef.label. For
>>> all drivers other than the SELinux driver, it's a NOP. For the SELinux
>>> driver, it calls fsetfilecon().
>>>
>>> If the return is a failure, it only returns error up to the caller if
>>> 1) the desired label is different from the existing label, 2) the
>>> destination fd is of a type that supports setting the SELinux context,
>>> and 3) SELinux is in enforcing mode. Otherwise it will return
>>> success. This follows the pattern of the existing function
>>> SELinuxSetFilecon().
>> ACK
>>
>
> Thanks. I'll hold off on pushing this just in case the discussion on 
> PATCH 2/3 leads to a change requirement in this one.

Now pushed.
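
The failure handling described in the quoted commit message, sketched as an added example that is not part of this thread or of libvirt's code. `label_ops`, `set_fd_label`, `run_case` and the fakes are hypothetical names; on a real host the hooks would wrap libselinux's `fsetfilecon()`, `fgetfilecon()` and `security_getenforce()`, and treating `EOPNOTSUPP` as "this fd type cannot carry a context" is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical backend hooks. On a real host they would wrap libselinux's
 * fsetfilecon(), fgetfilecon() and security_getenforce(). */
struct label_ops {
    int (*set)(int fd, const char *label);   /* <0 and errno on failure */
    const char *(*get)(int fd);              /* NULL if label unreadable */
    int (*enforcing)(void);                  /* 1 = enforcing mode */
};

/* 0 = success or tolerated failure, -1 = failure the caller must see. */
int set_fd_label(const struct label_ops *ops, int fd, const char *want)
{
    if (ops->set(fd, want) >= 0)
        return 0;
    int saved = errno;                 /* get() below may overwrite errno */
    const char *have = ops->get(fd);
    if (have && strcmp(have, want) == 0)
        return 0;                      /* 1) label already as desired */
    if (saved == EOPNOTSUPP)           /* assumption: marks unsupported fd */
        return 0;                      /* 2) fd type cannot carry a context */
    fprintf(stderr, "label %s on fd %d: %s\n", want, fd, strerror(saved));
    return ops->enforcing() == 1 ? -1 : 0;   /* 3) only enforcing is fatal */
}

/* Constructed fakes so the decision logic runs without SELinux. */
static int fake_errno, fake_enforce;
static const char *fake_label;
static int fake_set(int fd, const char *l)
{ (void)fd; (void)l; if (!fake_errno) return 0; errno = fake_errno; return -1; }
static const char *fake_get(int fd) { (void)fd; return fake_label; }
static int fake_enf(void) { return fake_enforce; }

/* One scenario: errno of the set call (0 = success), current label, mode. */
int run_case(int set_errno, const char *current, int enforcing)
{
    struct label_ops ops = { fake_set, fake_get, fake_enf };
    fake_errno = set_errno; fake_label = current; fake_enforce = enforcing;
    return set_fd_label(&ops, 3, "constructed_u:object_r:want_t:s0");
}

int main(void)
{
    printf("%d\n", run_case(EACCES, "constructed_u:object_r:other_t:s0", 1));
    return 0;
}
```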