NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

security: dac: Label externalDataStore

Browse Source 
We mirror the labeling strategy that was used for its sibling
image

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
This commit is contained in:
Cole Robinson 2019-10-07 16:20:12 -04:00
parent aa736c098e
commit efe3575e60
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/security/security_dac.c
View File

@ -884,7 +884,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerPtr mgr,
virSecurityDeviceLabelDefPtr parent_seclabel = NULL; virSecurityDeviceLabelDefPtr parent_seclabel = NULL;
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
bool remember; bool remember;
bool is_toplevel = parent == src; bool is_toplevel = parent == src || parent->externalDataStore == src;
uid_t user; uid_t user;
gid_t group; gid_t group;
@ -948,6 +948,14 @@ virSecurityDACSetImageLabelRelative(virSecurityManagerPtr mgr,
if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent) < 0) if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent) < 0)
return -1; return -1;
if (n->externalDataStore &&
virSecurityDACSetImageLabelRelative(mgr,
def,
n->externalDataStore,
parent,
flags) < 0)
return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
break; break;
} }