On 3/18/21 5:46 PM, Peter Krempa wrote:
When the backup job is terminated normally the security label is restored by the blockjob finishing handler. If the VM dies or is destroyed that wouldn't happen as the blockjob handler wouldn't be called. Restore the security label on disk store where we remember that the job was running at the point when 'qemuBackupJobTerminate' was called. Not resetting the security label means that we also leak the xattr attributes remembering the label which prevents any further use of the file, which is a problem for block devices. This also requires that the call to 'qemuBackupJobTerminate' from 'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise the security subdrivers attempt to enter the process namespace which fails if the process isn't running any more. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082 Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/qemu/qemu_backup.c | 36 ++++++++++++++++++++++++++---------- src/qemu/qemu_process.c | 8 ++++---- 2 files changed, 30 insertions(+), 14 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Michal
