selinux: Avoid label reservations for type = none

For security type='none' libvirt according to the docs should not generate seclabel be it for selinux or any model. So, skip the reservation of labels when type is none. Signed-off-by: N Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>

selinux: Avoid label reservations for type = none
For security type='none' libvirt according to the docs should not generate seclabel be it for selinux or any model. So, skip the reservation of labels when type is none. Signed-off-by: N Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
a48362cd · Shivaprasad G Bhat · Martin Kletzander · 1069e3b9 · a48362cd
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

src/security/security_selinux.c src/security/security_selinux.c +3 -1

未找到文件。
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -731,7 +731,9 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr,
    virSecurityLabelDefPtr seclabel;

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC)
+    if (!seclabel ||
+        seclabel->type == VIR_DOMAIN_SECLABEL_NONE ||
+        seclabel->type == VIR_DOMAIN_SECLABEL_STATIC)
        return 0;

    if (getpidcon_raw(pid, &pctx) == -1) {