[libvirt] [PATCH] qemu: Don't enable seclabel remembering for session mode

Michal Privoznik posted 1 patch 22 weeks ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/135dc0c6e2d23fc1661ebb82434ba7760b0cba46.1547125353.git.mprivozn@redhat.com
src/qemu/qemu_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[libvirt] [PATCH] qemu: Don't enable seclabel remembering for session mode

Posted by Michal Privoznik 22 weeks ago
The session daemon is unable to set XATTRs in 'trusted'
namespace because it doesn't run as privileged process.
Therefore, when creating the default qemu config enable
rememberOwner only when running as privileged process.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 3718ca6c22..20952e9607 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -145,7 +145,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
         cfg->group = (gid_t)-1;
     }
     cfg->dynamicOwnership = privileged;
-    cfg->rememberOwner = true;
+    cfg->rememberOwner = privileged;
 
     cfg->cgroupControllers = -1; /* -1 == auto-detect */
 
-- 
2.19.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] qemu: Don't enable seclabel remembering for session mode

Posted by Ján Tomko 22 weeks ago
On Thu, Jan 10, 2019 at 02:02:33PM +0100, Michal Privoznik wrote:
>The session daemon is unable to set XATTRs in 'trusted'
>namespace because it doesn't run as privileged process.
>Therefore, when creating the default qemu config enable
>rememberOwner only when running as privileged process.
>
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/qemu/qemu_conf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list