Dan Kenigsberg has posted comments on this change. Change subject: lvm: Set libvirt image selinux label on block devices backing vdsm images ......................................................................
Patch Set 2: (1 comment) http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG Commit Message: Line 22: We don't know why the selinux label is lost, and lvm developers claim Line 23: that relevant code was not changed recently. This issue may be caused by Line 24: lower level components such as device mapper, multipath or iscsi. Line 25: Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set > Can we reproduce the label removal with Maybe libvirt is chcon'ing the device instead of setting a udev rule? In that case, the change does not survive further udev triggers. If this is the case, it's a libvirt bug that should be considered there. (we can still hack it in vdsm until they solve it properly) BTW, why does SElinux context changes matter to qemu? Doesn't it keep an open file descriptor? Line 27: the libvirt image selinux label on vdsm images. Line 28: Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10 Line 30: Bug-Url: https://bugzilla.redhat.com/1127460 -- To view, visit http://gerrit.ovirt.org/33492 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10 Gerrit-PatchSet: 2 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Nir Soffer <nsof...@redhat.com> Gerrit-Reviewer: Allon Mureinik <amure...@redhat.com> Gerrit-Reviewer: Dan Kenigsberg <dan...@redhat.com> Gerrit-Reviewer: Federico Simoncelli <fsimo...@redhat.com> Gerrit-Reviewer: Francesco Romani <from...@redhat.com> Gerrit-Reviewer: Nir Soffer <nsof...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
