selinux: Don't remember labels for shareable SCSI devices

For shareable/readonly devices, label restore is skipped entirely in
virSecuritySELinuxRestoreSCSILabel. So requesting remember=true here
doesn't accomplish anything

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 19e550460c1ed43769b2d7dd42ea39de8a87baa6..3a91ea46d3508326d2dcbf4f57b1ab5f488a11d5 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2171,10 +2171,10 @@ virSecuritySELinuxSetSCSILabel(virSCSIDevice *dev,
 
     if (virSCSIDeviceGetShareable(dev))
         return virSecuritySELinuxSetFilecon(mgr, file,
-                                            data->file_context, true);
+                                            data->file_context, false);
     else if (virSCSIDeviceGetReadonly(dev))
         return virSecuritySELinuxSetFilecon(mgr, file,
-                                            data->content_context, true);
+                                            data->content_context, false);
     else
         return virSecuritySELinuxSetFilecon(mgr, file,
                                             secdef->imagelabel, true);