On Fri, Apr 03, 2020 at 05:58:03PM +0200, Michal Privoznik wrote:
> As explained in the previous commit, we need to relabel the file
> we are restoring the domain from. That is the FD that is passed
> to QEMU. If the file is not under /dev then the file inside the
> namespace is the very same as the one in the host. And regardless
> of using transactions, the file will be relabeled. But, if the
> file is under /dev then when using transactions only the copy
> inside the namespace is relabeled and the one in the host is not.
> But QEMU is reading from the one in the host, actually.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1772838
>
> Signed-off-by: Michal Privoznik <[email protected]>
> ---
...
>
> /*
> * virSecuritySELinuxSetFileLabels:
> @@ -3596,6 +3606,7 @@ virSecurityDriver virSecurityDriverSELinux = {
> .getBaseLabel = virSecuritySELinuxGetBaseLabel,
>
> .domainSetPathLabel =
> virSecuritySELinuxDomainSetPathLabel,
> + .domainSetIncomingPathLabel =
> virSecuritySELinuxDomainSetIncomingPathLabel,
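
Review bot: The new .domainSetIncomingPathLabel entry sits directly under .domainSetPathLabel in virSecurityDriverSELinux, and nothing in its name or at this spot says how the two differ. Going by the commit message, the new callback exists so that the file QEMU actually reads on the host gets relabeled, not only the copy inside the namespace. A short comment on the callback stating that, and that it is not meant to be wrapped in a transaction, would keep a later caller from reintroducing the /dev case. Only the SELinux driver table is visible in this hunk, so please also confirm that the other security drivers either set this callback or that callers cope with it being unset.
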
"HostPath" would IMO feel better than "IncomingPath" in this patch as well.
Reviewed-by: Erik Skultety <[email protected]>