On 03/28/2011 08:33 PM, Daniel Veillard wrote: > On Mon, Mar 28, 2011 at 04:33:58PM -0600, Eric Blake wrote: >> My earlier testing for commit 34fa0de0 was done while starting >> just-built libvirt from an unconfined_t shell, where the fds happened >> to work when transferring to qemu. But when installed and run under >> virtd_t, failure to label the raw file (with no compression) or the >> pipe (with compression) triggers SELinux failures when passing fds >> over SCM_RIGHTS to svirt_t qemu. >> >> * src/qemu/qemu_migration.c (qemuMigrationToFile): When passing >> FDs, make sure they are labeled. > > Based on the xplanations, that looks a reasonable patch, > > ACK, Thanks; pushed. Here's hoping the SELinux policy can indeed be updated to make testing this from unconfined context easier. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list