On Fri, May 20, 2011 at 03:57:03PM +0100, Richard W.M. Jones wrote:
> On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> > I think we likely need /var/cache/libvirt to be 0711 so that
> > QEMU can access directories below it, but not actually read it.
>
> 0711 does indeed work fine. However, where/what sets this?
The RPM specfile %files section is in charge.
> > Oh, there is a bogus 'if (dom) virDomainFree(dom)' call in the
> > remote dispatcher remoteDispatchDomainMemoryPeek
>
> Ah, well spotted! The attached patch does indeed remove the
> warning/error.
>
> > We will also need to set the SELinux context on the file. So instead
> > of directly using chown, we need to call
> >
> > virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
>
> OK, this works -- see updated patch attached.
>
> > and after the monitor command completes, run
> >
> > virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);
>
> This says:
>
> 15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L
>
> Is it really necessary to restore the label for a file we're going
> to delete?
No, not really required.
> From db103b9f9f5c3916d3f6eafea8d732cad01ab979 Mon Sep 17 00:00:00 2001
> From: Richard W.M. Jones <rjones@xxxxxxxxxx>
> Date: Fri, 20 May 2011 13:56:46 +0100
> Subject: [PATCH 1/2] qemudDomainMemoryPeek: change ownership/selinux label on
> temporary file.
>
> Otherwise qemu is unable to write to it, with the error:
>
> libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
> ---
> src/qemu/qemu_driver.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 44acc6a..691965d 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5536,6 +5536,8 @@ qemudDomainMemoryPeek (virDomainPtr dom,
> goto endjob;
> }
>
> + virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
> +
> priv = vm->privateData;
> qemuDomainObjEnterMonitor(vm);
> if (flags == VIR_MEMORY_VIRTUAL) {
> From b01b6232ff0bff85d5c2521ce1f75ca18718333c Mon Sep 17 00:00:00 2001
> From: Richard W.M. Jones <rjones@xxxxxxxxxx>
> Date: Fri, 20 May 2011 15:55:40 +0100
> Subject: [PATCH 2/2] remote: remove bogus virDomainFree.
>
> ---
> daemon/remote.c | 2 --
> 1 files changed, 0 insertions(+), 2 deletions(-)
>
> diff --git a/daemon/remote.c b/daemon/remote.c
> index 42e1cb9..941e92f 100644
> --- a/daemon/remote.c
> +++ b/daemon/remote.c
> @@ -916,8 +916,6 @@ remoteDispatchDomainMemoryPeek(struct qemud_server *server ATTRIBUTE_UNUSED,
> if (virDomainMemoryPeek(dom, offset, size,
> ret->buffer.buffer_val, flags) < 0)
> goto cleanup;
> - if (dom)
> - virDomainFree(dom);
>
> rv = 0;
>
ACK to both.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list