[PATCH 04/16] qemu: domain taint: use qemuDomainGetImageIds()

Cole Robinson via Devel Thu, 02 Apr 2026 08:21:37 -0700

Fixed to abide domain seclabel model='dac' override

Signed-off-by: Cole Robinson <[email protected]>
---
 src/qemu/qemu_domain.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)


diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index d3daa0fe17..efbcdc6d2d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5832,10 +5832,13 @@ void qemuDomainObjCheckTaint(virQEMUDriver *driver,
     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivate *priv = obj->privateData;
     bool custom_hypervisor_feat = false;
+    uid_t uid;
+    gid_t gid;
 
+    qemuDomainGetImageIds(cfg, obj->def, NULL, NULL, &uid, &gid);
     if (driver->privileged &&
-        (cfg->user == 0 ||
-         cfg->group == 0))
+        (uid == 0 ||
+         gid == 0))
         qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, 
logCtxt);
 
     if (priv->hookRun)
-- 
2.53.0

[PATCH 04/16] qemu: domain taint: use qemuDomainGetImageIds()

Reply via email to