Jamie, This patch was ACKed but somehow never pushed. Is it still okay to push it as is? On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote: > 4_qemu_driver_stdin_path.patch: adjust args to qemudStartVMDaemon() to > also specify path to stdin_fd, so this can be passed to the AppArmor > driver via *SetSecurityAllLabel(). This updates all calls to > qemudStartVMDaemon() as well as setting up the non-AppArmor security > driver *SetSecurityAllLabel() declarations for the above. This is > required for 5_apparmor-fix-save-restore.patch since AppArmor resolves > the passed file descriptor to the pathname given to open(). -- Jamie Strandboge | http://www.canonical.com
diff -Naur libvirt.orig/src/qemu/qemu_driver.c libvirt/src/qemu/qemu_driver.c
--- libvirt.orig/src/qemu/qemu_driver.c 2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/qemu/qemu_driver.c 2010-04-05 14:16:20.000000000 -0500
@@ -148,7 +148,8 @@
 struct qemud_driver *driver,
 virDomainObjPtr vm,
 const char *migrateFrom,
- int stdin_fd);
+ int stdin_fd,
+ const char *stdin_path);
 static void qemudShutdownVMDaemon(struct qemud_driver *driver, virDomainObjPtr vm);
@@ -629,7 +630,7 @@
 int ret;
 virResetLastError();
- ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1);
+ ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1, NULL);
 if (ret < 0) {
 virErrorPtr err = virGetLastError();
 VIR_ERROR(_("Failed to autostart VM '%s': %s"),
@@ -3145,7 +3146,8 @@
 struct qemud_driver *driver,
 virDomainObjPtr vm,
 const char *migrateFrom,
- int stdin_fd) {
+ int stdin_fd,
+ const char *stdin_path) {
 const char **argv = NULL, **tmp;
 const char **progenv = NULL;
 int i, ret;
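Review bot: Nothing in the new signature at `@@ -3145` ties `stdin_path` to `stdin_fd`, so a security driver that works from the pathname (as the description says AppArmor does) labels a name while QEMU reads from a descriptor that was opened earlier. If the path is a symlink or is replaced between the caller's open() and the `domainSetSecurityAllLabel(vm, stdin_path)` call in the `@@ -3193` hunk, the rule is written for a file other than the one behind the descriptor; the caller should pass a canonical path and, where possible, confirm that `fstat(stdin_fd)` and `stat(stdin_path)` agree on device and inode before labelling. A short comment above the definition would also help: `/* stdin_path: path that was opened to obtain stdin_fd, or NULL when stdin_fd is -1; used only for security labelling */`. The body of qemudStartVMDaemon continues outside the hunk.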
@@ -3193,7 +3195,7 @@
 DEBUG0("Generating setting domain security labels (if required)");
 if (driver->securityDriver &&
 driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
 goto cleanup;
 /* Ensure no historical cgroup for this VM is lying around bogus
@@ -4054,7 +4056,7 @@
 if (qemuDomainObjBeginJobWithDriver(driver, vm) < 0)
 goto cleanup; /* XXXX free the 'vm' we created ? */
- if (qemudStartVMDaemon(conn, driver, vm, NULL, -1) < 0) {
+ if (qemudStartVMDaemon(conn, driver, vm, NULL, -1, NULL) < 0) {
 if (qemuDomainObjEndJob(vm) > 0)
 virDomainRemoveInactive(&driver->domains, vm);
@@ -5909,7 +5911,7 @@
 }
 }
 /* Set the migration source and start it up. */
- ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd);
+ ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd, path);
 if (intermediate_pid != -1) {
 /* Wait for intermediate process to exit */
 while (waitpid(intermediate_pid, &childstat, 0) == -1 &&
@@ -6334,7 +6336,7 @@
 virDomainObjLock(vm);
 }
- ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1);
+ ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1, NULL);
 if (ret != -1)
 event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED,
@@ -9400,7 +9402,7 @@
 /* Start the QEMU daemon, with the same command-line arguments plus
 * -incoming unix:/path/to/file or exec:nc -U /path/to/file */
- internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1);
+ internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1, NULL);
 VIR_FREE(migrateFrom);
 if (internalret < 0) {
 /* Note that we don't set an error here because qemudStartVMDaemon
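Review bot: The `path` passed to qemudStartVMDaemon in the `@@ -5909` hunk appears to be the save-image name supplied by the caller of the restore API, and it now reaches every security driver without any visible normalisation. The context lines also show an `intermediate_pid` branch, which suggests `fd` can be the read end of a helper process rather than the file itself; in that case QEMU never touches `path`, and granting it access to that file is wider than it needs. Consider passing the path only when `fd` refers to the file directly, for example `intermediate_pid == -1 ? path : NULL`, and having the receiving driver reject or escape characters that are special in its policy syntax. The enclosing function starts and ends outside the hunk, so how `fd` and `path` are set up is not visible here.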
@@ -9605,7 +9607,7 @@
 * -incoming tcp:0.0.0.0:port */
 snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
- if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1) < 0) {
+ if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1, NULL) < 0) {
 /* Note that we don't set an error here because qemudStartVMDaemon
 * should have already done that. */
@@ -11027,7 +11029,7 @@
 goto cleanup;
 rc = qemudStartVMDaemon(snapshot->domain->conn, driver, vm, NULL,
- -1);
+ -1, NULL);
 if (qemuDomainSnapshotSetInactive(vm, driver->snapshotDir) < 0)
 goto cleanup;
 if (rc < 0)
diff -Naur libvirt.orig/src/qemu/qemu_security_dac.c libvirt/src/qemu/qemu_security_dac.c
--- libvirt.orig/src/qemu/qemu_security_dac.c 2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/qemu/qemu_security_dac.c 2010-04-05 14:14:43.000000000 -0500
@@ -346,7 +346,7 @@
 static int
-qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
 {
 int i;
diff -Naur libvirt.orig/src/qemu/qemu_security_stacked.c libvirt/src/qemu/qemu_security_stacked.c
--- libvirt.orig/src/qemu/qemu_security_stacked.c 2010-03-03 07:07:33.000000000 -0600
+++ libvirt/src/qemu/qemu_security_stacked.c 2010-04-05 14:14:43.000000000 -0500
@@ -196,18 +196,18 @@
 static int
-qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
 {
 int rc = 0;
 if (driver->securitySecondaryDriver &&
 driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
- driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
 rc = -1;
 if (driver->securityPrimaryDriver &&
 driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
- driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
 rc = -1;
 return rc;
diff -Naur libvirt.orig/src/security/security_driver.h libvirt/src/security/security_driver.h
--- libvirt.orig/src/security/security_driver.h 2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/security/security_driver.h 2010-04-05 14:14:43.000000000 -0500
@@ -45,7 +45,8 @@
 typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
 typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
 typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec,
+ const char *stdin_path);
 typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
 typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
 virSecurityLabelPtr sec);
diff -Naur libvirt.orig/src/security/security_selinux.c libvirt/src/security/security_selinux.c
--- libvirt.orig/src/security/security_selinux.c 2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/security/security_selinux.c 2010-04-05 14:14:43.000000000 -0500
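Review bot: The widened `virSecurityDomainSetAllLabel` typedef in the `@@ -45` hunk gives drivers no contract for `stdin_path`, while the `virSecurityDomainRestoreAllLabel` typedef in the context lines still takes only the domain. A driver that grants access to `stdin_path` at start therefore has no matching call telling it which path to revoke, so the grant presumably lasts until the domain's labels are torn down as a whole; it is worth confirming that this is intended for a save image that is read once. I would document the parameter next to the typedef, e.g. `/* stdin_path: file backing the domain's stdin during restore, or NULL; drivers may ignore it */`, and state whether a driver is allowed to keep the pointer after the call returns.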
@@ -722,7 +722,7 @@
 }
 static int
-SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
 {
 const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
 int i;
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
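Review bot: `stdin_path` is marked `ATTRIBUTE_UNUSED` in SELinuxSetSecurityAllLabel, so under SELinux the save image behind the restore descriptor gets no label from this call. SELinux also checks access on descriptors a process inherits, so unless the image is labelled somewhere not visible in this hunk, a confined QEMU may be denied reading it, or the policy has to allow more than this one file. If ignoring the path is deliberate, a comment should say so, for example `/* stdin_path is not relabelled here; restore relies on <where the image is labelled> */`. The function body continues outside the hunk.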