From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 15 May 2014 22:38:01 +0000 (-0600)
Subject: security_dac: avoid relabeling when relabel='no'
X-Git-Tag: v1.2.5-rc1~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9369a562446b7bb5314e6e1f6e65379bc1da6721;p=thirdparty%2Flibvirt.git

security_dac: avoid relabeling when relabel='no'

If relabel='no' at the domain level, no need to attempt relabeling
in virSecurityDAC{Set,Restore}SecurityAllLabel().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 2928c1dffc..f46b6425df 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -823,12 +823,14 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
                                       int migrated)
 {
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityLabelDefPtr secdef;
     size_t i;
     int rc = 0;
 
-    if (!priv->dynamicOwnership)
-        return 0;
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
 
+    if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
+        return 0;
 
     VIR_DEBUG("Restoring security label on %s migrated=%d",
               def->name, migrated);
@@ -898,11 +900,11 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
     uid_t user;
     gid_t group;
 
-    if (!priv->dynamicOwnership)
-        return 0;
-
     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
 
+    if (!priv->dynamicOwnership || (secdef && secdef->norelabel))
+        return 0;
+
     for (i = 0; i < def->ndisks; i++) {
         /* XXX fixme - we need to recursively label the entire tree :-( */
         if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)