From nobody Thu May 2 15:49:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1502756967311126.60377494180148; Mon, 14 Aug 2017 17:29:27 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EBF6C496; Tue, 15 Aug 2017 00:29:24 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B482D69311; Tue, 15 Aug 2017 00:29:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DCFA54BB79; Tue, 15 Aug 2017 00:29:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v7F0ScKD013841 for ; Mon, 14 Aug 2017 20:28:38 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8480660E3C; Tue, 15 Aug 2017 00:28:38 +0000 (UTC) Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com [10.5.110.29]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7F2D960E37 for ; Tue, 15 Aug 2017 00:28:36 +0000 (UTC) Received: from smtp2.provo.novell.com (smtp2.provo.novell.com [137.65.250.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3245A2D0FB0 for ; Tue, 15 Aug 2017 00:28:33 +0000 (UTC) Received: from linux-tbji.provo.novell.com (prv-ext-foundry1int.gns.novell.com [137.65.251.240]) by smtp2.provo.novell.com with ESMTP (NOT encrypted); Mon, 14 Aug 2017 18:08:18 -0600 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EBF6C496 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=suse.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com EBF6C496 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3245A2D0FB0 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=suse.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=jfehlig@suse.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3245A2D0FB0 From: Jim Fehlig To: libvir-list@redhat.com Date: Mon, 14 Aug 2017 18:07:10 -0600 Message-Id: <20170815000710.20870-1-jfehlig@suse.com> X-Greylist: Delayed for 00:20:08 by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 15 Aug 2017 00:28:34 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 15 Aug 2017 00:28:34 +0000 (UTC) for IP:'137.65.250.81' DOMAIN:'smtp2.provo.novell.com' HELO:'smtp2.provo.novell.com' FROM:'jfehlig@suse.com' RCPT:'' X-RedHat-Spam-Score: -2.301 (RCVD_IN_DNSWL_MED, SPF_PASS) 137.65.250.81 smtp2.provo.novell.com 137.65.250.81 smtp2.provo.novell.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.29 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] Don't autogenerate seclabels of type 'none' X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 15 Aug 2017 00:29:25 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When security drivers are active and domain def contains no elements, there is no need to autogenerate seclabels when starting the domain, e.g. In fact, autogenerating the label can result in needless save/restore and migration failures when the security driver is not active on the restore/migration target. The virSecurityManagerGenLabel function in src/security_manager.c even has logic to skip autogenerated labels, but the logic is a bit flawed. Autogeneration should be skipped when the domain has not seclabels, i.e. vm->nseclabels =3D=3D 0. Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=3D1051017 Signed-off-by: Jim Fehlig --- src/security/security_manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 013bbc37e..441c4d1fd 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -670,7 +670,7 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Unconfined guests are not allowed on thi= s host")); goto cleanup; - } else if (vm->nseclabels && generated) { + } else if (vm->nseclabels =3D=3D 0 && generated) { VIR_DEBUG("Skipping auto generated seclabel of type none"); virSecurityLabelDefFree(seclabel); seclabel =3D NULL; --=20 2.13.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list