Pulling the disk labelling code out of the exec hook, and into libvirtd will allow it to access shared state in the daemon. It will also make debugging & error reporting easier / more reliable. * qemu/qemu_driver.c: Move initial disk labelling calls up into libvirtd. Add cleanup of disk labels upon failure --- src/qemu/qemu_driver.c | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 6c66b22..8195b74 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2443,12 +2443,6 @@ static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct qemud_driver * int rc = 0; if (driver->securityDriver && - driver->securityDriver->domainSetSecurityAllLabel && - driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0) - rc = -1; - - if (rc == 0 && - driver->securityDriver && driver->securityDriver->domainSetSecurityProcessLabel && driver->securityDriver->domainSetSecurityProcessLabel(conn, driver->securityDriver, vm) < 0) rc = -1; @@ -2771,6 +2765,11 @@ static int qemudStartVMDaemon(virConnectPtr conn, driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0) return -1; + if (driver->securityDriver && + driver->securityDriver->domainSetSecurityAllLabel && + driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0) + goto cleanup; + /* Ensure no historical cgroup for this VM is lieing around bogus settings */ qemuRemoveCgroup(conn, driver, vm, 1); @@ -2979,6 +2978,9 @@ cleanup: * XXX investigate if we can kill this block and safely call * qemudShutdownVMDaemon even though no PID is running */ if (driver->securityDriver && + driver->securityDriver->domainRestoreSecurityAllLabel) + driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm); + if (driver->securityDriver && driver->securityDriver->domainReleaseSecurityLabel) driver->securityDriver->domainReleaseSecurityLabel(conn, vm); qemuRemoveCgroup(conn, driver, vm, 0); -- 1.6.5.2 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list