For shareable/readonly devices, label restore is skipped entirely in virSecuritySELinuxRestoreSCSILabel. So requesting remember=true here doesn't accomplish anything
Signed-off-by: Cole Robinson <[email protected]> --- src/security/security_selinux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 19e550460c..3a91ea46d3 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2171,10 +2171,10 @@ virSecuritySELinuxSetSCSILabel(virSCSIDevice *dev, if (virSCSIDeviceGetShareable(dev)) return virSecuritySELinuxSetFilecon(mgr, file, - data->file_context, true); + data->file_context, false); else if (virSCSIDeviceGetReadonly(dev)) return virSecuritySELinuxSetFilecon(mgr, file, - data->content_context, true); + data->content_context, false); else return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, true); -- 2.51.1
