selinux: fix wrong tapfd relablling

It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
(commit ae368ebfcc4923d0b32e83d4ca96a6f599625785 introduced this bug)

Caution: The context of the two hunks is identical other than indentation.
Please be extremely cautious of where the patch gets applied.
(cherry picked from commit 89b63f0ad448a0442f4afc5489748e2cc829e527)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f0e9f02ae1043a96a9ad30ce79dcf41287cabfe7..d2288575bef77e04e90768af181a08912bc82bcf 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5461,10 +5461,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                     if (tapfd < 0)
                         goto error;
 
-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                     last_good_net = i;
                     virCommandTransferFD(cmd, tapfd);
 
@@ -5478,6 +5474,10 @@ qemuBuildCommandLine(virConnectPtr conn,
                 if (tapfd < 0)
                     goto error;
 
+                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                                    def, tapfd) < 0)
+                    goto error;
+
                 last_good_net = i;
                 virCommandTransferFD(cmd, tapfd);