[PATCH] Fix sanlock socket security labelling

It is not possible to change the label of a TCP socket once it
has been opened. When creating a TCP socket care must be taken
to ensure the socket creation label is set & then cleared.
Remove the bogus call to virSecurityManagerSetProcessFDLabel
from the lock driver guest setup code and instead make use of
virSecurityManagerSetSocketLabel.
---
 src/qemu/qemu_process.c |   19 ++++++++++++-------
 1 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 58b4d36..c22974f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2081,15 +2081,26 @@ static int qemuProcessHook(void *data)
     h->vm->pid = getpid();
 
     VIR_DEBUG("Obtaining domain lock");
+    /*
+     * Since we're going to leak the returned FD to QEMU,
+     * we need to make sure it gets a sensible label.
+     * This mildly sucks, because there could be other
+     * sockets the lock driver opens that we don't want
+     * labelled. So far we're ok though.
+     */
+    if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm) < 0)
+        goto cleanup;
     if (virDomainLockProcessStart(h->driver->lockManager,
                                   h->vm,
                                   /* QEMU is always pased initially */
                                   true,
                                   &fd) < 0)
         goto cleanup;
+    if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm) < 0)
+        goto cleanup;
 
     if (qemuProcessLimits(h->driver) < 0)
-        return -1;
+        goto cleanup;
 
     /* This must take place before exec(), so that all QEMU
      * memory allocation is on the correct NUMA node
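Review bot: when virDomainLockProcessStart fails, the `goto cleanup` skips virSecurityManagerClearSocketLabel, so the socket creation label set a few lines earlier is never cleared on that path. If the code under `cleanup:` can do anything other than return the error, move the clear into the cleanup path or call it before the jump, so the set and the clear are always paired. The new comment also admits that every socket the lock driver opens between the set and the clear picks up the label; it would help to state in that comment which sockets the lock driver is expected to open here, so a later lock driver change gets checked against it. Separately, the change from `return -1` to `goto cleanup` after qemuProcessLimits is not mentioned in the commit message and deserves a line there.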
@@ -2111,12 +2122,6 @@ static int qemuProcessHook(void *data)
     if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm) < 0)
         goto cleanup;
 
-    if (fd != -1) {
-        VIR_DEBUG("Setting up lock manager FD labelling");
-        if (virSecurityManagerSetProcessFDLabel(h->driver->securityManager, h->vm, fd) < 0)
-            goto cleanup;
-    }
-
     ret = 0;
 
 cleanup:
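Review bot: with the `if (fd != -1)` block removed, no visible line in this function reads `fd` again after virDomainLockProcessStart writes it. The comment added in the first hunk says the descriptor is deliberately leaked to QEMU, so please add a short comment at this spot or at the declaration of `fd` saying that it is kept only to be inherited and that its label now comes from the socket creation label, otherwise the variable looks unused and invites a later cleanup that closes it.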
-- 
1.7.4.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

