From c1f0b31267d075b01b69b2d0f36f651e17112fbb Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Mon, 7 Oct 2019 16:14:02 -0400
Subject: [PATCH] security: dac: Add is_toplevel to SetImageLabelInternal

This will simplify future patches and make the logic easier to follow

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
 src/security/security_dac.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index b3e7c6bd17..f3fbede737 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -884,6 +884,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerPtr mgr,
     virSecurityDeviceLabelDefPtr parent_seclabel = NULL;
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     bool remember;
+    bool is_toplevel = parent == src;
     uid_t user;
     gid_t group;
 
@@ -928,7 +929,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerPtr mgr,
      * but the top layer, or read only image, or disk explicitly
      * marked as shared.
      */
-    remember = src == parent && !src->readonly && !src->shared;
+    remember = is_toplevel && !src->readonly && !src->shared;
 
     return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remember);
 }