Add a new flag QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN to select whether
to work on single image or full chain.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
src/qemu/qemu_domain.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 6644c1418b..30acba3c47 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9214,6 +9214,8 @@ qemuDomainDiskGetBackendAlias(virDomainDiskDefPtr disk,
typedef enum {
/* revoke access to the image instead of allowing it */
QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_REVOKE = 1 << 0,
+ /* operate on full backing chain rather than single image */
+ QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN = 1 << 1,
} qemuDomainStorageSourceAccessFlags;
@@ -9239,6 +9241,8 @@ qemuDomainStorageSourceAccessModify(virQEMUDriverPtr driver,
const char *srcstr = NULLSTR(src->path);
int ret = -1;
virErrorPtr orig_err = NULL;
+ bool chain = flags & QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN;
+ int rc;
/* just tear down the disk access */
if (flags & QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_REVOKE) {
@@ -9253,20 +9257,30 @@ qemuDomainStorageSourceAccessModify(virQEMUDriverPtr driver,
if (qemuDomainNamespaceSetupDisk(vm, src) < 0)
goto rollback_lock;
- if (qemuSecuritySetImageLabel(driver, vm, src, true) < 0)
+ if (qemuSecuritySetImageLabel(driver, vm, src, chain) < 0)
goto rollback_namespace;
- if (qemuSetupImageChainCgroup(vm, src) < 0)
+ if (chain)
+ rc = qemuSetupImageChainCgroup(vm, src);
+ else
+ rc = qemuSetupImageCgroup(vm, src);
+
+ if (rc < 0)
goto rollback_label;
ret = 0;
goto cleanup;
rollback_cgroup:
- if (qemuTeardownImageChainCgroup(vm, src) < 0)
+ if (chain)
+ rc = qemuTeardownImageChainCgroup(vm, src);
+ else
+ rc = qemuTeardownImageCgroup(vm, src);
+
+ if (rc < 0)
VIR_WARN("Unable to tear down cgroup access on %s", srcstr);
rollback_label:
- if (qemuSecurityRestoreImageLabel(driver, vm, src, true) < 0)
+ if (qemuSecurityRestoreImageLabel(driver, vm, src, chain) < 0)
VIR_WARN("Unable to restore security label on %s", srcstr);
rollback_namespace:
@@ -9289,7 +9303,7 @@ qemuDomainStorageSourceChainAccessAllow(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src)
{
- qemuDomainStorageSourceAccessFlags flags = 0;
+ qemuDomainStorageSourceAccessFlags flags = QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN;
return qemuDomainStorageSourceAccessModify(driver, vm, src, flags);
}
@@ -9300,7 +9314,8 @@ qemuDomainStorageSourceChainAccessRevoke(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src)
{
- qemuDomainStorageSourceAccessFlags flags = QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_REVOKE;
+ qemuDomainStorageSourceAccessFlags flags = QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_REVOKE |
+ QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN;
return qemuDomainStorageSourceAccessModify(driver, vm, src, flags);
}
--
2.20.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
