[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v2 0/2] dac: relabel spice rendernode



This fixes the last issue preventing qemu:///system spice GL from working
out of the box: chown'ing the rendernode path so we have permissions
to open it.

We skip this if mount namespaces are disabled, so the chown'ing won't
interfere with other rendernode users on the host.

https://bugzilla.redhat.com/show_bug.cgi?id=1460804

v2:
    Add the MOUNT_NAMESPACE handling
    Drop DAC restore of rendernode

Cole Robinson (2):
  security: add MANAGER_MOUNT_NAMESPACE flag
  security: dac: relabel spice rendernode

 src/qemu/qemu_driver.c          |  2 ++
 src/security/security_dac.c     | 68 +++++++++++++++++++++++++++++++++++++++++
 src/security/security_dac.h     |  3 ++
 src/security/security_manager.c |  4 ++-
 src/security/security_manager.h |  1 +
 5 files changed, 77 insertions(+), 1 deletion(-)

-- 
2.13.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]