From nobody Thu Jul 10 00:27:43 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1508510347763748.0562294953885;
 Fri, 20 Oct 2017 07:39:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 88842C13DA03;
	Fri, 20 Oct 2017 13:48:58 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6145B5EDE1;
	Fri, 20 Oct 2017 13:48:58 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2A0D4180BACD;
	Fri, 20 Oct 2017 13:48:58 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v9KDm2Fp020302 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 20 Oct 2017 09:48:02 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id D659C5D762; Fri, 20 Oct 2017 13:48:02 +0000 (UTC)
Received: from angien.brq.redhat.com (unknown [10.43.2.136])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 2FAA75D761;
	Fri, 20 Oct 2017 13:48:02 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 88842C13DA03
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Date: Fri, 20 Oct 2017 15:47:29 +0200
Message-Id: 
 <a309f9a3f6799907b960a68b087bdfc9daad41a3.1508507145.git.pkrempa@redhat.com>
In-Reply-To: <cover.1508507145.git.pkrempa@redhat.com>
References: <cover.1508507145.git.pkrempa@redhat.com>
In-Reply-To: <cover.1508507145.git.pkrempa@redhat.com>
References: <cover.1508507145.git.pkrempa@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Cc: Peter Krempa <pkrempa@redhat.com>
Subject: [libvirt] [PATCH 04/12] security: selinux: Pass parent storage
	source into image labeling helper
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Fri, 20 Oct 2017 13:48:59 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

virSecuritySELinuxSetImageLabelInternal assigns different labels to
backing chain members than to the parent image. This was done via the
'first' flag. Convert it to passing in pointer to the parent
virStorageSource. This will allow us to use the parent virStorageSource
in further changes.
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
 src/security/security_selinux.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index cd3e41193..66b3bbf1c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1592,7 +1592,7 @@ static int
 virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
                                         virDomainDefPtr def,
                                         virStorageSourcePtr src,
-                                        bool first)
+                                        virStorageSourcePtr parent)
 {
     virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg=
r);
     virSecurityLabelDefPtr secdef;
@@ -1614,7 +1614,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa=
nagerPtr mgr,

     if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
         ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel=
->label);
-    } else if (first) {
+    } else if (!parent || parent =3D=3D src) {
         if (src->shared) {
             ret =3D virSecuritySELinuxSetFileconOptional(mgr,
                                                        src->path,
@@ -1660,7 +1660,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr=
 mgr,
                                 virDomainDefPtr def,
                                 virStorageSourcePtr src)
 {
-    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true);
+    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
 }


@@ -1670,14 +1670,11 @@ virSecuritySELinuxSetDiskLabel(virSecurityManagerPt=
r mgr,
                                virDomainDiskDefPtr disk)

 {
-    bool first =3D true;
     virStorageSourcePtr next;

     for (next =3D disk->src; virStorageSourceIsBacking(next); next =3D nex=
t->backingStore) {
-        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first)=
 < 0)
+        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->=
src) < 0)
             return -1;
-
-        first =3D false;
     }

     return 0;
--=20
2.14.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list