Re-label image file backing stores

Use virStorageFileGetMetadata() to find any backing stores for images and re-label them Without this, qemu cannot access qcow2 backing files, see: https://bugzilla.redhat.com/497131 * src/security/security_selinux.c: re-label backing store files in SELinuxSetSecurityImageLabel()

Re-label image file backing stores
Use virStorageFileGetMetadata() to find any backing stores for images and re-label them Without this, qemu cannot access qcow2 backing files, see: https://bugzilla.redhat.com/497131 * src/security/security_selinux.c: re-label backing store files in SELinuxSetSecurityImageLabel()
fe627697 · Mark McLoughlin · 295fd6e8 · fe627697
隐藏空白更改
内联并排

Showing with 28 addition and 0 deletion

src/security/security_selinux.c src/security/security_selinux.c +28 -0

未找到文件。
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -27,6 +27,7 @@
 #include "logging.h"
 #include "pci.h"
 #include "hostusb.h"
+#include "storage_file.h"

 #define VIR_FROM_THIS VIR_FROM_SECURITY

@@ -403,10 +404,37 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,

 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+    const char *path;

    if (!disk->src)
        return 0;

+    path = disk->src;
+    do {
+        virStorageFileMetadata meta;
+        int ret;
+
+        memset(&meta, 0, sizeof(meta));
+
+        ret = virStorageFileGetMetadata(conn, path, &meta);
+
+        if (path != disk->src)
+            VIR_FREE(path);
+        path = NULL;
+
+        if (ret < 0)
+            return -1;
+
+        if (meta.backingStore != NULL &&
+            SELinuxSetFilecon(conn, meta.backingStore,
+                              default_content_context) < 0) {
+            VIR_FREE(meta.backingStore);
+            return -1;
+        }
+
+        path = meta.backingStore;
+    } while (path != NULL);
+
    if (disk->shared) {
        return SELinuxSetFilecon(conn, disk->src, default_image_context);
    } else if (disk->readonly) {