Turns out, block mirror is not the only job a disk can have. It
can also do commits of one layer into the other. Or possibly some
other tricks too. Problem is that while we set seclabels on given
layers of backing chain when the job is starting (via
qemuDomainStorageSourceAccessAllow()) we don't restore them when
job finishes. This leaves XATTRs set and corresponding images
unusable.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
Not sure if we want to remove XATTRs for the top layer too or just the
rest of the backing chain (n=disk->src vs. n=disk->src->backingStore).
Peter?
src/qemu/qemu_blockjob.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index a991309ee7..6408f95e4e 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -658,9 +658,9 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
virObjectUnref(disk->src);
disk->src = disk->mirror;
} else {
+ virStorageSourcePtr n;
+
if (disk->mirror) {
- virStorageSourcePtr n;
-
virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
/* Ideally, we would restore seclabels on the backing chain here
@@ -678,6 +678,16 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
virObjectUnref(disk->mirror);
}
+
+ for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
+ if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
+ VIR_WARN("Unable to remove disk metadata on "
+ "vm %s from %s (disk target %s)",
+ vm->def->name,
+ NULLSTR(n->path),
+ disk->dst);
+ }
+ }
}
/* Recompute the cached backing chain to match our
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
