security: dac: also label listen UNIX sockets
We switched to opening mode='bind' sockets ourselves: commit 30fb2276 qemu: support passing pre-opened UNIX socket listen FD in v4.5.0-rc1~251 Then fixed qemuBuildChrChardevStr to change libvirtd's label while creating the socket: commit b0c6300f qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels v4.5.0-rc1~52 Also add labeling of these sockets to the DAC driver. Instead of duplicating the logic which decides whether libvirt should pre-create the socket, assume an existing path meaning that it was created by libvirt. https://bugzilla.redhat.com/show_bug.cgi?id=1633389Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
Showing
想要评论请 注册 或 登录