On Mon, Mar 28, 2011 at 04:33:58PM -0600, Eric Blake wrote: > My earlier testing for commit 34fa0de0 was done while starting > just-built libvirt from an unconfined_t shell, where the fds happened > to work when transferring to qemu. But when installed and run under > virtd_t, failure to label the raw file (with no compression) or the > pipe (with compression) triggers SELinux failures when passing fds > over SCM_RIGHTS to svirt_t qemu. > > * src/qemu/qemu_migration.c (qemuMigrationToFile): When passing > FDs, make sure they are labeled. > --- > > This copies the fd-labeling approach added in commit 34a19dda1. > > With this patch, I tested both unconfined_t and virtd_t SELinux > process labels for libvirtd (shell start vs. init start). > > virsh managedsave dom/virsh start dom > works for both raw and compressed save_image_format, both contexts > > virsh save dom file/virsh restore file > works for raw save_image_format, both contexts > works for compressed with virtd_t context > save fails for compressed with unconfined_t context, with the failure > looking identical to the previously-reported failure for restore > in the same settings (https://bugzilla.redhat.com/show_bug.cgi?id=691499) > > So I'm reasonably confident that this is a good patch. > > src/qemu/qemu_migration.c | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c > index 98b9d01..43741e1 100644 > --- a/src/qemu/qemu_migration.c > +++ b/src/qemu/qemu_migration.c > @@ -1304,8 +1304,12 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm, > if (qemuCaps && qemuCapsGet(qemuCaps, QEMU_CAPS_MIGRATE_QEMU_FD) && > (!compressor || pipe(pipeFD) == 0)) { > /* All right! We can use fd migration, which means that qemu > - * doesn't have to open() the file, so we don't have to futz > - * around with granting access or revoking it later. */ > + * doesn't have to open() the file, so while we still have to > + * grant SELinux access, we can do it on fd and avoid cleanup > + * later, as well as skip futzing with cgroup. */ > + if (virSecurityManagerSetFDLabel(driver->securityManager, vm, > + compressor ? pipeFD[1] : fd) < 0) > + goto cleanup; > is_reg = true; > bypassSecurityDriver = true; > } else { Based on the xplanations, that looks a reasonable patch, ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list