On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> I think we likely need /var/cache/libvirt to be 0711 so that
> QEMU can access directories below it, but not actually read it.
0711 does indeed work fine. However, where/what sets this?
> Oh, there is a bogus 'if (dom) virDomainFree(dom)' call in the
> remote dispatcher remoteDispatchDomainMemoryPeek
Ah, well spotted! The attached patch does indeed remove the
warning/error.
> We will also need to set the SELinux context on the file. So instead
> of directly using chown, we need to call
>
> virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
OK, this works -- see updated patch attached.
> and after the monitor command completes, run
>
> virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);
This says:
15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L
Is it really necessary to restore the label for a file we're going
to delete?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
>From db103b9f9f5c3916d3f6eafea8d732cad01ab979 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones@xxxxxxxxxx>
Date: Fri, 20 May 2011 13:56:46 +0100
Subject: [PATCH 1/2] qemudDomainMemoryPeek: change ownership/selinux label on
temporary file.
Otherwise qemu is unable to write to it, with the error:
libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
---
src/qemu/qemu_driver.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 44acc6a..691965d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5536,6 +5536,8 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto endjob;
}
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+
priv = vm->privateData;
qemuDomainObjEnterMonitor(vm);
if (flags == VIR_MEMORY_VIRTUAL) {
--
1.7.5.1
>From b01b6232ff0bff85d5c2521ce1f75ca18718333c Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones@xxxxxxxxxx>
Date: Fri, 20 May 2011 15:55:40 +0100
Subject: [PATCH 2/2] remote: remove bogus virDomainFree.
---
daemon/remote.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 42e1cb9..941e92f 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -916,8 +916,6 @@ remoteDispatchDomainMemoryPeek(struct qemud_server *server ATTRIBUTE_UNUSED,
if (virDomainMemoryPeek(dom, offset, size,
ret->buffer.buffer_val, flags) < 0)
goto cleanup;
- if (dom)
- virDomainFree(dom);
rv = 0;
--
1.7.5.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list