git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Michal Privoznik <mprivozn@redhat.com>
	Wed, 23 Nov 2016 10:52:57 +0000 (11:52 +0100)
committer	Michal Privoznik <mprivozn@redhat.com>
	Thu, 15 Dec 2016 08:25:16 +0000 (09:25 +0100)
commit	eadaa975480d10eb057eb72bf833888e88e948e8
tree	389426a64d185ec507c84debc1f340499ba73b24	tree
parent	2160f338a74543634e26aeddef1e4c63184660da	commit \| diff

qemu: Enter the namespace on relabelling

Instead of trying to fix our security drivers, we can use a
simple trick to relabel paths in both namespace and the host.
I mean, if we enter the namespace some paths are still shared
with the host so any change done to them is visible from the host
too.
Therefore, we can just enter the namespace and call
SetAllLabel()/RestoreAllLabel() from there. Yes, it has slight
overhead because we have to fork in order to enter the namespace.
But on the other hand, no complexity is added to our code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

src/Makefile.am		diff \| blob \| blame \| history
src/qemu/qemu_process.c		diff \| blob \| blame \| history
src/qemu/qemu_security.c	[new file with mode: 0644]	blob
src/qemu/qemu_security.h	[new file with mode: 0644]	blob