On Tue, Apr 07, 2026 at 14:06:46 +0200, Peter Krempa via Devel wrote: > On Thu, Apr 02, 2026 at 11:12:37 -0400, Cole Robinson via Devel wrote: > > Fixed to abide domain seclabel model='dac' override > > > > Signed-off-by: Cole Robinson <[email protected]> > > --- > > src/qemu/qemu_domain.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > > index bed8c558d0..c89030b60c 100644 > > --- a/src/qemu/qemu_domain.c > > +++ b/src/qemu/qemu_domain.c > > @@ -9107,6 +9107,8 @@ qemuDomainPrepareStorageSourceNbdkit(virStorageSource > > *src, > > g_autoptr(qemuNbdkitCaps) nbdkit = NULL; > > qemuDomainObjPrivate *priv = vm->privateData; > > g_autoptr(virQEMUDriverConfig) cfg = > > virQEMUDriverGetConfig(priv->driver); > > + uid_t uid; > > + gid_t gid; > > > > if (!cfg->storageUseNbdkit) > > return false; > > @@ -9118,8 +9120,9 @@ qemuDomainPrepareStorageSourceNbdkit(virStorageSource > > *src, > > if (!nbdkit) > > return false; > > > > + qemuDomainGetImageIds(cfg, vm->def, NULL, NULL, &uid, &gid); > > So here the user/group is used to set the UID/GID of the nbdkit > process. But this function also takes 'src' so it would seem to make > sense on first glance to pass it to qemuDomainGetImageIds to apply the > imagelabel as well. I don't think we want to do that, but the commit is > not justifying in any way why qemuDomainGetImageIds is called as it is. > > Thus you'll have to add a comment expalining why the function is passed > only the VM definition. > > I'd be even more critical to do so if you don't rename it as suggested > earlier because qemuDomainGetImageIds really suggests that it ought to > have 'src' passed in too.
With the rename done and the suggested comment added: Reviewed-by: Peter Krempa <[email protected]>
