Re: [PATCH] qemudDomainMemoryPeek: chown temporary file to qemu.qemu.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> I think we likely need  /var/cache/libvirt to be 0711 so that
> QEMU can access directories below it, but not actually read it.

0711 does indeed work fine.  However, where/what sets this?

> Oh, there is a bogus  'if (dom) virDomainFree(dom)' call in the
> remote dispatcher remoteDispatchDomainMemoryPeek

Ah, well spotted!  The attached patch does indeed remove the
warning/error.

> We will also need to set the SELinux context on the file. So instead
> of directly using chown,  we need to call
> 
> virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);

OK, this works -- see updated patch attached.

> and after the monitor command completes, run
> 
> virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);

This says:

15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L

Is it really necessary to restore the label for a file we're going
to delete?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
>From db103b9f9f5c3916d3f6eafea8d732cad01ab979 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones@xxxxxxxxxx>
Date: Fri, 20 May 2011 13:56:46 +0100
Subject: [PATCH 1/2] qemudDomainMemoryPeek: change ownership/selinux label on
 temporary file.

Otherwise qemu is unable to write to it, with the error:

libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
---
 src/qemu/qemu_driver.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 44acc6a..691965d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5536,6 +5536,8 @@ qemudDomainMemoryPeek (virDomainPtr dom,
         goto endjob;
     }
 
+    virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+
     priv = vm->privateData;
     qemuDomainObjEnterMonitor(vm);
     if (flags == VIR_MEMORY_VIRTUAL) {
-- 
1.7.5.1

>From b01b6232ff0bff85d5c2521ce1f75ca18718333c Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones@xxxxxxxxxx>
Date: Fri, 20 May 2011 15:55:40 +0100
Subject: [PATCH 2/2] remote: remove bogus virDomainFree.

---
 daemon/remote.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index 42e1cb9..941e92f 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -916,8 +916,6 @@ remoteDispatchDomainMemoryPeek(struct qemud_server *server ATTRIBUTE_UNUSED,
     if (virDomainMemoryPeek(dom, offset, size,
                             ret->buffer.buffer_val, flags) < 0)
         goto cleanup;
-    if (dom)
-        virDomainFree(dom);
 
     rv = 0;
 
-- 
1.7.5.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]