On Wed, Jun 17, 2020 at 01:35:40PM +0200, Michal Privoznik wrote:
> In a few cases we might set seclabels on a path outside of
> namespaces. For instance, when restoring a domain from a file,
> the file is opened, relabelled and only then the namespace is
> created and the FD is passed to QEMU (see v6.3.0-rc1~108 for more
> info). Therefore, when restoring the label on the restore file,
> we must ignore domain namespaces and restore the label directly
> in the host.
>
> This bug demonstrates itself when restoring a domain from a block
> device. We don't create the block device inside the domain
> namespace and thus the following error is reported at the end of
> (otherwise successful) restore:
>
> error : virProcessRunInFork:1236 : internal error: child reported (status=125): unable to stat: /dev/sda: No such file or directory
> error : virProcessRunInFork:1240 : unable to stat: /dev/sda: No such file or directory
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>