Re: [PATCH 6/6] qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 17, 2020 at 01:35:40PM +0200, Michal Privoznik wrote:
> In a few cases we might set seclabels on a path outside of
> namespaces. For instance, when restoring a domain from a file,
> the file is opened, relabelled and only then the namespace is
> created and the FD is passed to QEMU (see v6.3.0-rc1~108 for more
> info). Therefore, when restoring the label on the restore file,
> we must ignore domain namespaces and restore the label directly
> in the host.
>
> This bug demonstrates itself when restoring a domain from a block
> device. We don't create the block device inside the domain
> namespace and thus the following error is reported at the end of
> (otherwise successful) restore:
>
> error : virProcessRunInFork:1236 : internal error: child reported (status=125): unable to stat: /dev/sda: No such file or directory
> error : virProcessRunInFork:1240 : unable to stat: /dev/sda: No such file or directory
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux