]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f03ca6) | patch
selinux: properly label tap FDs with imagelabel
authorMartin Kletzander <mkletzan@redhat.com>
Mon, 1 Sep 2014 13:27:00 +0000 (15:27 +0200)
committerMartin Kletzander <mkletzan@redhat.com>
Mon, 1 Sep 2014 13:36:23 +0000 (15:36 +0200)
commita4431931393aeb1ac5893f121151fa3df4fde612
tree3daf8b57ec1a3f763ccbd860f726a71e6c40dbf1tree
parent0f03ca6d2952718778546bdafb097a1c6efb6359commit | diff
selinux: properly label tap FDs with imagelabel

The cleanup in commit cf976d9d used secdef->label to label the tap
FDs, but that is not possible since it's process-only label (svirt_t)
and not a object label (e.g. svirt_image_t).  Starting a domain failed
with EPERM, but simply using secdef->imagelabel instead of
secdef->label fixes it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
src/security/security_selinux.c diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git