From 3d6cdba1b10216981cb7c48ddbe8f045cdd5110b Mon Sep 17 00:00:00 2001
Message-Id: <3d6cdba1b10216981cb7c48ddbe8f045cdd5110b@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 5 Feb 2014 20:17:42 +0100
Subject: [PATCH] Generate a valid imagelabel even for type 'none'

https://bugzilla.redhat.com/show_bug.cgi?id=1061657

Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:

$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument

(cherry picked from commit 0db9b0883c23d6c60ebca3f91f1f5ba4f8bd0587)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/security/security_selinux.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 29520ad..ba008ca 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -673,7 +673,14 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
         break;
 
     case VIR_DOMAIN_SECLABEL_NONE:
-        /* no op */
+        if (virSecuritySELinuxMCSGetProcessRange(&sens,
+                                                 &catMin,
+                                                 &catMax) < 0)
+            goto cleanup;
+
+        if (VIR_STRDUP(mcs, sens) < 0)
+            goto cleanup;
+
         break;
 
     default:
-- 
1.8.5.4