From a30e6d17c9abf4f1becfa531e41fd48f9e06649a Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 25 Sep 2018 13:34:43 +0200
Subject: [PATCH] virSecurityDACRestoreAllLabel: Restore more labels
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/security/security_dac.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4935c962b9..dcd0bb558a 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1719,6 +1719,22 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
         virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
         rc = -1;
 
+    if (def->os.kernel &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
+        rc = -1;
+
+    if (def->os.initrd &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0)
+        rc = -1;
+
+    if (def->os.dtb &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
+    if (def->os.slic_table &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
+        rc = -1;
+
     return rc;
 }
 
-- 
GitLab