Re: [libvirt] [PATCH 1/1] Skip file-based security checks for network disks

[Eric Blake]

On 12/20/2010 07:30 PM, Josh Durgin wrote:
> Network disks are accessed by qemu directly, and have no
> associated file on the host, so checking for file ownership etc.
> is unnecessary.
> 
> Signed-off-by: Josh Durgin 
> ---
>  src/conf/domain_conf.c   |2 +-
>  src/qemu/qemu_security_dac.c |2 +-
>  src/security/security_apparmor.c |2 +-
>  src/security/security_selinux.c  |2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d516fbe..c857a89 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr 
> disk,
>  size_t depth = 0;
>  char *nextpath = NULL;
> 
> -if (!disk->src)
> +if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)

ACK and pushed.

-- 
Eric Blake   ebl...@redhat.com+1-801-349-2682
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 1/1] Skip file-based security checks for network disks

[Josh Durgin]

Network disks are accessed by qemu directly, and have no
associated file on the host, so checking for file ownership etc.
is unnecessary.

Signed-off-by: Josh Durgin 
---
 src/conf/domain_conf.c   |2 +-
 src/qemu/qemu_security_dac.c |2 +-
 src/security/security_apparmor.c |2 +-
 src/security/security_selinux.c  |2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d516fbe..c857a89 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
 size_t depth = 0;
 char *nextpath = NULL;

-if (!disk->src)
+if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 if (disk->driverType) {
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 55dc0c6..88fdb8d 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ 
qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
 if (disk->readonly || disk->shared)
 return 0;

-if (!disk->src)
+if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 /* If we have a shared FS & doing migrated, we must not
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b43c4ac..468d0a3 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
 if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
 return 0;

-if (!disk->src)
+if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 if (secdef->imagelabel) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 49efa75..47da677 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr 
drv ATTRIBUTE_UNUSED,
 if (disk->readonly || disk->shared)
 return 0;

-if (!disk->src)
+if (!disk->src || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 /* If we have a shared FS & doing migrated, we must not
-- 
1.7.2.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list