On 09/10/2018 05:36 AM, Michal Privoznik wrote: > So far the whole transaction handling is done > virSecuritySELinuxSetFileconHelper(). This needs to change for > the sake of security label remembering and locking. Otherwise we > would be locking a path when only appending it to transaction > list and not when actually relabelling it. > > Signed-off-by: Michal Privoznik <mpriv...@redhat.com> > --- > src/security/security_selinux.c | 35 ++++++++++++++++++++++++++--------- > 1 file changed, 26 insertions(+), 9 deletions(-) > I shall note only that you didn't follow what you did for DAC with regard to copying around the comment: /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ Beyond that - this is light years cleaner than DAC, thankfully because my wife will be not be happy if I go on much longer ;-) I trust you can move comments appropriately... Reviewed-by: John Ferlan <jfer...@redhat.com> John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
- [libvirt] [PATCH v4 07/23] lock_driver_lockd: Introduce V... Michal Privoznik
- [libvirt] [PATCH v4 18/23] security_dac: Fix info message... Michal Privoznik
- [libvirt] [PATCH v4 08/23] lock_driver: Introduce new VIR... Michal Privoznik
- [libvirt] [PATCH v4 10/23] lock_driver: Introduce VIR_LOC... Michal Privoznik
- [libvirt] [PATCH v4 06/23] virlockspace: Allow caller to ... Michal Privoznik
- [libvirt] [PATCH v4 09/23] _virLockManagerLockDaemonPriva... Michal Privoznik
- [libvirt] [PATCH v4 22/23] security_selinux: Move transac... Michal Privoznik
- Re: [libvirt] [PATCH v4 22/23] security_selinux: Mov... John Ferlan
- Re: [libvirt] [PATCH v4 22/23] security_selinux:... Michal Privoznik
- [libvirt] [PATCH v4 21/23] virSecuritySELinuxRestoreFileL... Michal Privoznik
- [libvirt] [PATCH v4 19/23] security_dac: Lock metadata wh... Michal Privoznik
- [libvirt] [PATCH v4 14/23] qemu_conf: Introduce metadata_... Michal Privoznik
- [libvirt] [PATCH v4 23/23] security_dac: Lock metadata wh... Michal Privoznik
- [libvirt] [PATCH v4 13/23] lock_manager: Allow disabling ... Michal Privoznik
- [libvirt] [PATCH v4 11/23] lock_driver: Introduce VIR_LOC... Michal Privoznik