virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks

Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>

virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks
Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>
d7420430 · Michal Privoznik · 1845d3ad · d7420430
隐藏空白更改
内联并排

Showing with 0 addition and 8 deletion

src/security/security_dac.c src/security/security_dac.c +0 -8

未找到文件。
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -932,14 +932,6 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPtr mgr,
    if (!priv->dynamicOwnership)
        return 0;

-    /* Don't restore labels on readoly/shared disks, because other VMs may
-     * still be accessing these. Alternatively we could iterate over all
-     * running domains and try to figure out if it is in use, but this would
-     * not work for clustered filesystems, since we can't see running VMs using
-     * the file on other nodes. Safest bet is thus to skip the restore step. */
-    if (src->readonly || src->shared)
-        return 0;
-
    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (secdef && !secdef->relabel)
        return 0;