---
Notes:
Version 3:
- use virSecurityManagerSetSocketLabel/virSecurityManagerClearSocketLabel
pair around virNetSocketNewConnectTCP to label the newly created socket
with svirt_t
Version 2:
- use virSecurityManagerSetProcessFDLabel instead of
virSecurityManagerSetImageFDLabel since the correct label for
TCP sockets appears to be svirt_t and not svirt_image_t
src/qemu/qemu_migration.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index a38c0d9..3818d71 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1624,11 +1624,14 @@ static int doNativeMigrate(struct qemud_driver *driver,
virReportOOMError();
goto cleanup;
}
+ if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0)
+ goto cleanup;
if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) {
spec.dest.fd.qemu = virNetSocketDupFD(sock, true);
virNetSocketFree(sock);
}
- if (spec.dest.fd.qemu == -1)
+ if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 ||
+ spec.dest.fd.qemu == -1)
goto cleanup;
} else {
spec.destType = MIGRATION_DEST_HOST;
--
1.7.6.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list