Generate a valid imagelabel even for type 'none'

Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:

$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index aa47667b149564b132765870abede7f968896ab6..448f686ea2b1a1e9ed39fff8b00bdbfcbc45a40b 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -670,7 +670,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
         break;
 
     case VIR_DOMAIN_SECLABEL_NONE:
-        /* no op */
+        if (virSecuritySELinuxMCSGetProcessRange(&sens,
+                                                 &catMin,
+                                                 &catMax) < 0)
+            goto cleanup;
+
+        if (VIR_STRDUP(mcs, sens) < 0)
+            goto cleanup;
+
         break;
 
     default: