From: Guannan Ren <gren@redhat.com>
Date: Wed, 17 Oct 2012 03:23:19 +0000 (+0800)
Subject: selinux: fix wrong tapfd relablling
X-Git-Tag: v0.10.2.1~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2716c78c3feecbda66bde865aaf5d262fd335739;p=thirdparty%2Flibvirt.git

selinux: fix wrong tapfd relablling

It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
(commit ae368ebfcc4923d0b32e83d4ca96a6f599625785 introduced this bug)

Caution: The context of the two hunks is identical other than indentation.
Please be extremely cautious of where the patch gets applied.
(cherry picked from commit 89b63f0ad448a0442f4afc5489748e2cc829e527)
---

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f0e9f02ae1..d2288575be 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5461,10 +5461,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                     if (tapfd < 0)
                         goto error;
 
-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                     last_good_net = i;
                     virCommandTransferFD(cmd, tapfd);
 
@@ -5478,6 +5474,10 @@ qemuBuildCommandLine(virConnectPtr conn,
                 if (tapfd < 0)
                     goto error;
 
+                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                                    def, tapfd) < 0)
+                    goto error;
+
                 last_good_net = i;
                 virCommandTransferFD(cmd, tapfd);