1. 24 4月, 2020 1 次提交
  2. 23 4月, 2020 6 次提交
  3. 16 4月, 2020 1 次提交
  4. 08 4月, 2020 1 次提交
  5. 07 4月, 2020 4 次提交
  6. 03 4月, 2020 2 次提交
  7. 02 4月, 2020 1 次提交
  8. 30 3月, 2020 2 次提交
  9. 25 3月, 2020 7 次提交
  10. 24 3月, 2020 1 次提交
  11. 19 3月, 2020 1 次提交
  12. 17 3月, 2020 6 次提交
  13. 13 3月, 2020 5 次提交
  14. 09 3月, 2020 1 次提交
    • M
      qemu: Tell secdrivers which images are top parent · 13eb6c14
      Michal Privoznik 提交于
      When preparing images for block jobs we modify their seclabels so
      that QEMU can open them. However, as mentioned in the previous
      commit, secdrivers base some it their decisions whether the image
      they are working on is top of of the backing chain. Fortunately,
      in places where we call secdrivers we know this and the
      information can be passed to secdrivers.
      
      The problem is the following: after the first blockcommit from
      the base to one of the parents the XATTRs on the base image are
      not cleared and therefore the second attempt to do another
      blockcommit fails. This is caused by blockcommit code calling
      qemuSecuritySetImageLabel() over the base image, possibly
      multiple times (to ensure RW/RO access). A naive fix would be to
      call the restore function. But this is not possible, because that
      would deny QEMU the access to the base image.  Fortunately, we
      can use the fact that seclabels are remembered only for the top
      of the backing chain and not for the rest of the backing chain.
      And thanks to the previous commit we can tell secdrivers which
      images are top of the backing chain.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1803551Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
      13eb6c14
  15. 05 3月, 2020 1 次提交