On Tue, May 05, 2015 at 03:09:12PM +0200, Martin Kletzander wrote: > On Tue, May 05, 2015 at 02:14:24PM +0200, Erik Skultety wrote: > >When starting a domain, if we find out domain requests security drivers > >we do not have loaded, we fail. However we don't check for this during > >reconnect, so any operation relying on security driver functionality would fail. > >If someone e.g. starts a domain with selinux driver loaded, then they turn off > >the security driver in config, restart the daemon and call dump/save/.., > >QEMU returns an error. > >As we shouldn't kill the domain, we should at least log an error to let the > >user know that domain reconnect wasn't completely clean. > > > >https://bugzilla.redhat.com/show_bug.cgi?id=1183893 > >--- > > src/qemu/qemu_process.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > ACK > >diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c > >index 56719eb..8da79e5 100644 > >--- a/src/qemu/qemu_process.c > >+++ b/src/qemu/qemu_process.c > >@@ -3747,6 +3747,12 @@ qemuProcessReconnect(void *opaque) > > if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps, obj)) < 0) > > goto error; > > > >+ /* if domain requests security driver we haven't loaded, report error, but > >+ * do not kill the domain > >+ */ > >+ ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager, > >+ obj->def)); > >+ > > Shouldn't you reset any possible error after that? > Why? It's already logged and nobody will ever look at it after this function (called in a separate thread) ends. Jan
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list