[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] storage: qemu: Fix security labelling of new image chain elements



On 11/20/2014 08:23 AM, Peter Krempa wrote:
> When creating a disk image snapshot the libvirt code would blindly copy
> the parents label to the newly created image. This runs into problems
> when you start a VM from an image hosted on NFS (or other storage system
> that doesn't support selinux labels) and the snapshot destination is on
> a storage system that does support selinux labels. Libvirt's code in
> that case generates a different security label for the image hosted on
> NFS. This label is valid only for NFS images and doesn't allow access in
> case of a locally stored image.
> 
> To fix this issue libvirt needs to refrain from copying security
> information in cases where the default domain seclabel is a better
> choice.
> 
> This patch repurposes the now unused @force argument of
> virStorageSourceInitChainElement to denote whether a copy of the
> security labelling stuff should be attempted or not. This allows to
> fine-control the copy operation for cases where we need to keep the
> label of the old disk vs. the cases where we need to keep the label
> unset to use the default domain imagelabel.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718
> ---

> + * If @transferLabels is true, security labels from the existing disk are copied
> + * to the new disk. Otherwise the default domain imagelabel label will be used.
>   *
>   * Returns 0 on success, -1 on error.
>   */
>  int
>  virStorageSourceInitChainElement(virStorageSourcePtr newelem,
>                                   virStorageSourcePtr old,
> -                                 bool force)
> +                                 bool transferLables)

Comment was right, code is not.  s/transferLables/transferLabels/

ACK with that fix.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]