From a08810195cad633da35d0eb653b2e24cbfe75758 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Tue, 12 Mar 2013 17:34:37 +0000
Subject: [PATCH] Fix query of LXC security label The virDomainGetSecurityLabel method is currently (mistakenly) showing the label of the libvirt_lxc process: ...snip... Security model: selinux Security DOI: 0 Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive) when it should be showing the init process label ...snip... Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)
---
 src/lxc/lxc_driver.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 5d0613a5f3..8603078d1e 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1162,8 +1162,16 @@ static int lxcDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secla
 * LXC monitor hasn't seen SIGHUP/ERR on poll().
 */
 if (virDomainObjIsActive(vm)) {
+ virLXCDomainObjPrivatePtr priv = vm->privateData;
+
+ if (!priv->initpid) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("Init pid is not yet available"));
+ goto cleanup;
+ }
+
 if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm->def, vm->pid, seclabel) < 0) {
+ vm->def, priv->initpid, seclabel) < 0) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
 _("Failed to get security label"));
 goto cleanup;
--
2.47.2
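Review bot: Nothing in the new block records why `priv->initpid` is passed instead of `vm->pid`, so a later cleanup could switch it back and again report the controller's label (`virtd_t` in the commit message) as if it were the container's confinement. A short comment above the lookup would pin that down, e.g. `/* vm->pid is the libvirt_lxc controller; the container's label is the one on its init process */`. The guard `if (!priv->initpid)` rejects only zero; if the field is a signed pid type that can ever hold a negative sentinel (its declaration is not visible here), `if (priv->initpid <= 0)` is the safer test before the value reaches `virSecurityManagerGetProcessLabel`. The body of `lxcDomainGetSecurityLabel` starts and ends outside this hunk, so whether the domain object is locked while `priv->initpid` is read cannot be checked from here.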