security: Do not restore kernel and initrd labels
authorJiri Denemark <jdenemar@redhat.com>
Fri, 15 Jan 2016 09:55:58 +0000 (10:55 +0100)
committerCole Robinson <crobinso@redhat.com>
Thu, 21 Jan 2016 00:14:06 +0000 (19:14 -0500)
Kernel/initrd files are essentially read-only shareable images and thus
should be handled in the same way. We already use the appropriate label
for kernel/initrd files when starting a domain, but when a domain gets
destroyed we would remove the labels which would make other running
domains using the same files very unhappy.

https://bugzilla.redhat.com/show_bug.cgi?id=921135

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 68acc701bd449481e3206723c25b18fcd3d261b7)

src/security/security_dac.c
src/security/security_selinux.c

index deb69803095bf78c5f543289a295d71190235a56..d01215faedda24e5c57268cf461a2ff62504060c 100644 (file)
@@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
         rc = -1;
 
-    if (def->os.kernel &&
-        virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
-        rc = -1;
-
-    if (def->os.initrd &&
-        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
-        rc = -1;
-
     if (def->os.dtb &&
         virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
         rc = -1;
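Review bot: After this removal nothing in virSecurityDACRestoreSecurityAllLabel records that kernel and initrd are skipped on purpose, so the gap between the nvram and dtb restores reads like an omission and invites someone to add the calls back. A short comment where the two blocks were would keep the reason next to the code, e.g. `/* kernel/initrd are shared read-only images; restoring their labels here would break other running domains that use them */`. The same applies to the second hunk, in virSecuritySELinuxRestoreSecurityAllLabel. The dtb restore kept just below the gap may need the same treatment if dtb files are given a shared label at domain start, which these hunks do not show. Both functions start and end outside the hunks.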
index c2464c2bfba173312b10edcd6c8fcfd764bb08fa..38f2a290a92ec85420036cc0a887384b2257d7c4 100644 (file)
@@ -1978,14 +1978,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
         rc = -1;
 
-    if (def->os.kernel &&
-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
-        rc = -1;
-
-    if (def->os.initrd &&
-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
-        rc = -1;
-
     if (def->os.dtb &&
         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
         rc = -1;