[PATCH] nbd/server: Add --selinux-label option

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] nbd/server: Add --selinux-label option

From:	Richard W.M. Jones
Subject:	[PATCH] nbd/server: Add --selinux-label option
Date:	Thu, 22 Jul 2021 17:32:39 +0100

https://bugzilla.redhat.com/show_bug.cgi?id=1984938

The purpose of the patch is explained in the commit message / bug.  In
the cover I want to explain a couple of design choices.

If libselinux isn't available at build time then the --selinux-label
option is still present.  It does not appear in the qemu-nbd --help
output.  If you still use it, it is ignored.  (By contrast nbdkit will
give an error if you try to use the option without having SELinux
support.  It's not clear which is better.)

We give an error if setsockcreatecon_raw fails.  In theory we could
ignore this error (warning?) and keep going.  Either SELinux would
later reject clients or it wouldn't.

Rich.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] nbd/server: Add --selinux-label option, Richard W.M. Jones <=
- [PATCH] nbd/server: Add --selinux-label option, Richard W.M. Jones, 2021/07/22
  - Re: [PATCH] nbd/server: Add --selinux-label option, Daniel P . Berrangé, 2021/07/22

Prev by Date: Re: [PATCH for-6.1? 1/6] mirror: Keep s->synced on error
Next by Date: [PATCH] nbd/server: Add --selinux-label option
Previous by thread: [PATCH for-6.1? 0/6] mirror: Handle errors after READY cancel
Next by thread: [PATCH] nbd/server: Add --selinux-label option
Index(es):
- Date
- Thread