On 02/05/2014 11:47 AM, Ján Tomko wrote:
Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:
$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument
---
src/security/security_selinux.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
ACK.
+++ b/src/security/security_selinux.c
@@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr
mgr,
break;
case VIR_DOMAIN_SECLABEL_NONE:
-/* no op */
+if (virSecuritySELinuxMCSGetProcessRange(sens,
+ catMin,
+ catMax) 0)
+goto cleanup;
+
+if (VIR_STRDUP(mcs, sens) 0)
+goto cleanup;
+
break;
default:
--
Eric Blake eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list