Bug 568935 - RFE: Skip labelling: Ability to skip disk re-labelling step on a per file basis
Status: CLOSED CURRENTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt
unspecified
All Linux
low Severity medium
Assigned To: Libvirt Maintainers
Blocks: libvirtTodoSecurity
Reported: 2010-02-26 19:33 EST by Cristian Ciupitu
Modified: 2012-04-18 15:44 EDT
Doc Type: Bug Fix
Last Closed: 2012-04-18 15:44:06 EDT
Description Cristian Ciupitu 2010-02-26 19:33:18 EST
Description of problem:
When I use an install ISO image labeled public_content_t, virt-manager will relabel it as virt_content_t without any warnings. It will also change its owner and group to qemu. It should allow virtual machines to read those files (which might also be shared via http, samba or nfs).

Version-Release number of selected component (if applicable):
virt-manager-0.8.2-1.fc12.noarch.rpm

How reproducible:
Every time.

Steps to Reproduce:
1. Create a new VM.
2. Select an ISO image labeled public_content_t.
3. Continue all the steps until the machine is started.
  
Actual results:
The ISO image will be labeled virt_content_t and its owner and group will be changed to qemu.

Expected results:
A warning should be displayed if the permissions of the file need to be changed or even better allow the virtual machine to read public_content_t files.

Additional info:
I'm also using the following packages:
libvirt-0.7.1-15.fc12.x86_64.rpm
selinux-policy-targeted-3.6.32-89.fc12.noarch.rpm

A related RFE is bug #568933.
Comment 1 Cole Robinson 2010-02-26 20:42:34 EST
Libvirt is doing the relabeling here. Reassigning.
Comment 2 Cristian Ciupitu 2010-06-05 12:28:07 EDT
It's still present in libvirt-0.7.7-4.fc13.x86_64.rpm.
Comment 3 Cristian Ciupitu 2010-08-24 12:59:57 EDT
It's still present in libvirt-0.8.2-1.fc13.x86_64.rpm.
Comment 4 Eric Blake 2012-04-18 15:44:06 EDT
Done with this commit in 0.9.9:
commit b43432931aef92325920953ff92beabfbe5224c8
Author: Eric Blake <eblake@redhat.com>
Date:   Thu Dec 22 17:47:50 2011 -0700

    seclabel: allow a seclabel override on a disk src
    
    Implement the parsing and formatting of the XML addition of
    the previous commit.  The new XML doesn't affect qemu command
    line, so we can now test round-trip XML->memory->XML handling.
    
    I chose to reuse the existing structure, even though per-device
    override doesn't use all of those fields, rather than create a
    new structure, in order to reuse more code.
    
    * src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
    * src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
    (virSecurityLabelDefFree): New function.
    (virDomainDiskDefFormat): Print it.
    (virSecurityLabelDefFormat): Reduce output if model not present.
    (virDomainDiskDefParseXML): Alter signature, and parse seclabel.
    (virSecurityLabelDefParseXML): Split...
    (virSecurityLabelDefParseXMLHelper): ...into new helper.
    (virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
    * tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
    New file.
    * tests/qemuxml2xmltest.c (mymain): Enhance test.
    * tests/qemuxml2argvtest.c (mymain): Likewise.
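
An added example, not part of the bug thread and not libvirt's own code: the per-disk override from the 0.9.9 commit is written as a `<seclabel>` child of a disk's `<source>` element, and this script reads a domain XML and reports which disk sources would be relabelled. The domain XML, file paths and guest name are constructed, and the inheritance rules in `domain_relabels` are a simplified assumption about the domain-wide defaults.

```python
import xml.etree.ElementTree as ET

# Constructed domain XML; paths and guest name are made up for this example.
DOMAIN_XML = """
<domain type='kvm'>
  <name>demo</name>
  <seclabel type='dynamic' model='selinux' relabel='yes'/>
  <devices>
    <disk type='file' device='cdrom'>
      <source file='/srv/pub/install.iso'>
        <seclabel relabel='no'/>
      </source>
      <target dev='hdc' bus='ide'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/demo.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

def domain_relabels(root):
    """Domain-wide default (assumed): dynamic relabels, static defaults to no."""
    sec = root.find("seclabel")
    if sec is None:
        return True  # assumption: the security driver falls back to dynamic labels
    if sec.get("type") == "none":
        return False
    default = "yes" if sec.get("type", "dynamic") == "dynamic" else "no"
    return sec.get("relabel", default) == "yes"

def disk_relabel_plan(xml_text):
    """Map each disk source path to True (relabelled) or False (left as-is)."""
    root = ET.fromstring(xml_text)
    inherited = domain_relabels(root)
    plan = {}
    for src in root.findall("./devices/disk/source"):
        path = src.get("file") or src.get("dev")
        override = src.find("seclabel")  # per-disk override, if present
        if override is not None and override.get("relabel") is not None:
            plan[path] = override.get("relabel") == "yes"
        else:
            plan[path] = inherited
    return plan

if __name__ == "__main__":
    for path, relabel in disk_relabel_plan(DOMAIN_XML).items():
        print(f"{'relabel' if relabel else 'keep   '}  {path}")
```

Run against a guest's real definition (for example the output of `virsh dumpxml`), this shows which shared images still carry no override and would lose a label such as public_content_t when the guest starts.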
