git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Michal Privoznik <mprivozn@redhat.com>
	Fri, 3 Apr 2020 08:28:17 +0000 (10:28 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Fri, 17 Apr 2020 14:24:30 +0000 (16:24 +0200)
commit	28fdfd20f2699f51d5bcfe97dfc4deddca6d7e6e
tree	04978318ace409cef2404062353fcc67422047e6	tree \| snapshot
parent	55cbb94e2e033766a4132cf7a8f16e4966166bef	commit \| diff

qemu: Label restore path outside of secdriver transactions

As explained in the previous commit, we need to relabel the file
we are restoring the domain from. That is the FD that is passed
to QEMU. If the file is not under /dev then the file inside the
namespace is the very same as the one in the host. And regardless
of using transactions, the file will be relabeled. But, if the
file is under /dev then when using transactions only the copy
inside the namespace is relabeled and the one in the host is not.
But QEMU is reading from the one in the host, actually.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1772838

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

src/qemu/qemu_security.c		diff \| blob \| blame \| history
src/security/security_selinux.c		diff \| blob \| blame \| history