On 09/23/2011 02:17 AM, Osier Yang wrote: > Hmm, preventing the relabeling in security driver instead might be the > more proper way? (If the disk source is used by other *running* domain, > then quit relabeling and exit with error). No, prevent the relabeling in the lock manager. If one domain is running and the lock manager is running, that should be sufficient to prevent any other domain from starting with the same disk, even before we get to the labeling point. > > However, this won't prevent one using same disk source for multiple domains > if security_driver is disabled. > > And if security_driver is disabled, there will be no permission problem, all > the domains can write to the same disk source, thus it might cause > inconsistency > between the domains or corrupt. > >> to see whether if the pricinple >> is right or not. The principle here is whether the lock manager is running. Only if you can still reproduce the problem with a lock manager (whether sanlock or fcntl) do we have a bug to fix. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list