The patch committed here
commit 547147084d03ebf30d09d242a5a721a4df664ffe
Author: Mark McLoughlin <markmc@xxxxxxxxxx>
Date: Fri Jul 3 10:26:37 2009 +0000
was not actually the latest version currently used in Fedora. It causes
shared disks to be re-labelled upon VM shutdown, breaking any other
guests still runing with this disk. The only safe option is to skip
relabel for all readonly & shared disks
Daniel
diff --git a/src/security_selinux.c b/src/security_selinux.c
index 80c1c85..0db9f49 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -354,6 +354,17 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
char *newpath = NULL;
const char *path = disk->src;
+ /* Don't restore labels on readoly/shared disks, because
+ * other VMs may still be accessing these
+ * Alternatively we could iterate over all running
+ * domains and try to figure out if it is in use, but
+ * this would not work for clustered filesystems, since
+ * we can't see running VMs using the file on other nodes
+ * Safest bet is thus to skip the restore step.
+ */
+ if (disk->readonly || disk->shared)
+ return 0;
+
if ((err = virFileResolveLink(path, &newpath)) < 0) {
virReportSystemError(conn, err,
_("cannot resolve symlink %s"), path);
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list