virSecurityDACRestoreChardevLabel: Restore UNIX sockets too

We're setting seclabels on unix sockets but never restoring them.
Surprisingly, we are doing so in SELinux driver.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 6f8ca8cd54b0fb1cbaaf10eb118c811094d312b8..3c21dbbddb3af6d29be4f234dba9c03b4475d15d 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1457,13 +1457,20 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
         ret = 0;
         break;
 
+    case VIR_DOMAIN_CHR_TYPE_UNIX:
+        if (!dev_source->data.nix.listen &&
+            virSecurityDACRestoreFileLabel(mgr, dev_source->data.nix.path) < 0) {
+            goto done;
+        }
+        ret = 0;
+        break;
+
     case VIR_DOMAIN_CHR_TYPE_NULL:
     case VIR_DOMAIN_CHR_TYPE_VC:
     case VIR_DOMAIN_CHR_TYPE_PTY:
     case VIR_DOMAIN_CHR_TYPE_STDIO:
     case VIR_DOMAIN_CHR_TYPE_UDP:
     case VIR_DOMAIN_CHR_TYPE_TCP:
-    case VIR_DOMAIN_CHR_TYPE_UNIX:
     case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
     case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
     case VIR_DOMAIN_CHR_TYPE_NMDM: