Skip file-based security checks for network disks

Network disks are accessed by qemu directly, and have no associated file on the host, so checking for file ownership etc. is unnecessary. Signed-off-by: N Josh Durgin <joshd@hq.newdream.net>

Skip file-based security checks for network disks
Network disks are accessed by qemu directly, and have no associated file on the host, so checking for file ownership etc. is unnecessary. Signed-off-by: N Josh Durgin <joshd@hq.newdream.net>
ee3efc41 · Josh Durgin · Eric Blake · 2954eb7b · ee3efc41 · ee3efc41
4 changed file
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
    size_t depth = 0;
    char *nextpath = NULL;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

    if (disk->driverType) {

--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
    if (disk->readonly || disk->shared)
        return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

    /* If we have a shared FS & doing migrated, we must not

--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
        return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

    if (secdef->imagelabel) {

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
    if (disk->readonly || disk->shared)
        return 0;

-    if (!disk->src)
+    if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

    /* If we have a shared FS & doing migrated, we must not