security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag
Our decision whether to remember seclabel for a disk image depends on a few factors. If the image is readonly or shared or not the chain top the remembering is suppressed for the image. However, the virSecurityManagerSetImageLabel() is too low level to determine whether passed @src is chain top or not. Even though the function has the @parent argument it does not necessarily reflect the chain top - it only points to the top level image in the chain we want to relabel and not to the topmost image of the whole chain. And this can't be derived from the passed domain definition reliably neither - in some cases (like snapshots or block copy) the @src is added to the definition only after the operation succeeded. Therefore, introduce a flag which callers can use to help us with the decision. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
Showing
想要评论请 注册 或 登录