Re: [libvirt] [PATCH] Generate a valid imagelabel even for type 'none'

2014-02-05 Thread Eric Blake
On 02/05/2014 11:47 AM, Ján Tomko wrote:
 Commit 2ce63c1 added imagelabel generation when relabeling is turned
 off. But we weren't filling out the sensitivity for type 'none' labels,
 resulting in an invalid label:
 
 $ virsh managedsave domain
 error: unable to set security context 'system_u:object_r:svirt_image_t'
 on fd 28: Invalid argument
 ---
  src/security/security_selinux.c | 9 -
  1 file changed, 8 insertions(+), 1 deletion(-)

ACK.

 +++ b/src/security/security_selinux.c
 @@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr 
 mgr,
  break;
  
  case VIR_DOMAIN_SECLABEL_NONE:
 -/* no op */
 +if (virSecuritySELinuxMCSGetProcessRange(sens,
 + catMin,
 + catMax)  0)
 +goto cleanup;
 +
 +if (VIR_STRDUP(mcs, sens)  0)
 +goto cleanup;
 +
  break;
  
  default:
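Review bot: The VIR_DOMAIN_SECLABEL_NONE case drops the /* no op */ comment without replacing it, so nothing in the code explains why a type 'none' label now needs the process range looked up. In this branch catMin and catMax are passed to virSecuritySELinuxMCSGetProcessRange but only sens is copied into mcs before the break. A one-line comment saying that only the sensitivity is wanted here, so that the generated imagelabel is complete, would keep a later reader from treating the unused category bounds as an oversight.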
 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Generate a valid imagelabel even for type 'none'

2014-02-05 Thread Ján Tomko
On 02/05/2014 07:54 PM, Eric Blake wrote:
 On 02/05/2014 11:47 AM, Ján Tomko wrote:
 Commit 2ce63c1 added imagelabel generation when relabeling is turned
 off. But we weren't filling out the sensitivity for type 'none' labels,
 resulting in an invalid label:

 $ virsh managedsave domain
 error: unable to set security context 'system_u:object_r:svirt_image_t'
 on fd 28: Invalid argument
 ---
  src/security/security_selinux.c | 9 -
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 ACK.
 

Thanks, pushed.

Jan



