Re: [PATCH] qemudDomainMemoryPeek: chown temporary file to qemu.qemu.

On Fri, May 20, 2011 at 03:57:03PM +0100, Richard W.M. Jones wrote:
> On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> > I think we likely need  /var/cache/libvirt to be 0711 so that
> > QEMU can access directories below it, but not actually read it.
> 
> 0711 does indeed work fine.  However, where/what sets this?

The RPM specfile %files section is in charge.

> > Oh, there is a bogus  'if (dom) virDomainFree(dom)' call in the
> > remote dispatcher remoteDispatchDomainMemoryPeek
> 
> Ah, well spotted!  The attached patch does indeed remove the
> warning/error.
> 
> > We will also need to set the SELinux context on the file. So instead
> > of directly using chown,  we need to call
> > 
> > virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
> 
> OK, this works -- see updated patch attached.
> 
> > and after the monitor command completes, run
> > 
> > virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);
> 
> This says:
> 
> 15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L
> 
> Is it really necessary to restore the label for a file we're going
> to delete?

No, not really required.


> From db103b9f9f5c3916d3f6eafea8d732cad01ab979 Mon Sep 17 00:00:00 2001
> From: Richard W.M. Jones <rjones@xxxxxxxxxx>
> Date: Fri, 20 May 2011 13:56:46 +0100
> Subject: [PATCH 1/2] qemudDomainMemoryPeek: change ownership/selinux label on
>  temporary file.
> 
> Otherwise qemu is unable to write to it, with the error:
> 
> libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
> ---
>  src/qemu/qemu_driver.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 44acc6a..691965d 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5536,6 +5536,8 @@ qemudDomainMemoryPeek (virDomainPtr dom,
>          goto endjob;
>      }
>  
> +    virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
> +
>      priv = vm->privateData;
>      qemuDomainObjEnterMonitor(vm);
>      if (flags == VIR_MEMORY_VIRTUAL) {
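
Review bot: The result of virSecurityManagerSetSavedStateLabel() on the added line is discarded, so a failure to relabel tmp is not caught here and the code still goes on to qemuDomainObjEnterMonitor(vm), where the problem would only surface later as the same "Could not open" memsave error quoted in the commit message. Check the call's result and `goto endjob` on failure, as the block just above it does. The commit message could also note that the label is deliberately not restored afterwards, since no matching restore call appears in this hunk.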

> From b01b6232ff0bff85d5c2521ce1f75ca18718333c Mon Sep 17 00:00:00 2001
> From: Richard W.M. Jones <rjones@xxxxxxxxxx>
> Date: Fri, 20 May 2011 15:55:40 +0100
> Subject: [PATCH 2/2] remote: remove bogus virDomainFree.
> 
> ---
>  daemon/remote.c |    2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)
> 
> diff --git a/daemon/remote.c b/daemon/remote.c
> index 42e1cb9..941e92f 100644
> --- a/daemon/remote.c
> +++ b/daemon/remote.c
> @@ -916,8 +916,6 @@ remoteDispatchDomainMemoryPeek(struct qemud_server *server ATTRIBUTE_UNUSED,
>      if (virDomainMemoryPeek(dom, offset, size,
>                              ret->buffer.buffer_val, flags) < 0)
>          goto cleanup;
> -    if (dom)
> -        virDomainFree(dom);
>  
>      rv = 0;
>  
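
Review bot: The commit message has a subject but no body, so it does not say why the virDomainFree(dom) removed after the virDomainMemoryPeek() call is bogus. The removed lines sit only on the success path, just before `rv = 0`, while the failure path jumps to `cleanup`, which is outside this hunk. Add a sentence to the message stating where dom is released (for example, under `cleanup`, if that is the case) and what warning or error the extra free produced, so a reader can confirm that the change neither leaks the reference nor leaves a second free behind.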

ACK to both.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
