From 023da7ddbd048efed41c37923c79456fb4ec92c1 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 17 Oct 2017 07:25:51 +0200
Subject: [PATCH] security: selinux: Pass parent storage source into image
 labeling helper

virSecuritySELinuxSetImageLabelInternal assigns different labels to
backing chain members than to the parent image. This was done via the
'first' flag. Convert it to passing in pointer to the parent
virStorageSource. This will allow us to use the parent virStorageSource
in further changes.
---
 src/security/security_selinux.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cd3e411931..66b3bbf1c5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1592,7 +1592,7 @@ static int
 virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
                                         virDomainDefPtr def,
                                         virStorageSourcePtr src,
-                                        bool first)
+                                        virStorageSourcePtr parent)
 {
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
     virSecurityLabelDefPtr secdef;
@@ -1614,7 +1614,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
 
     if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
         ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label);
-    } else if (first) {
+    } else if (!parent || parent == src) {
         if (src->shared) {
             ret = virSecuritySELinuxSetFileconOptional(mgr,
                                                        src->path,
@@ -1660,7 +1660,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
                                 virDomainDefPtr def,
                                 virStorageSourcePtr src)
 {
-    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true);
+    return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
 }
 
 
@@ -1670,14 +1670,11 @@ virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
                                virDomainDiskDefPtr disk)
 
 {
-    bool first = true;
     virStorageSourcePtr next;
 
     for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
-        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first) < 0)
+        if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->src) < 0)
             return -1;
-
-        first = false;
     }
 
     return 0;