On 06/11/2012 08:29 AM, Michal Privoznik wrote: > Currently, if qemuProcessStart fail at some point, e.g. because > domain being started wants a PCI/USB device already assigned to > a different domain, we jump to cleanup label where qemuProcessStop > is performed. This unconditionally calls virSecurityManagerRestoreAllLabel > which is wrong because the other domain is still using those devices. > > However, once we successfully label all devices/paths in > qemuProcessStart() from that point on, we have to perform a rollback > on failure - that is - we have to virSecurityManagerRestoreAllLabel. > --- > src/qemu/qemu_process.c | 12 ++++++++---- > src/qemu/qemu_process.h | 3 ++- > 2 files changed, 10 insertions(+), 5 deletions(-) Double-negative logic. But I guess we're stuck with it, as the default of 'flags==0' must imply the relabel. > @@ -3984,9 +3987,10 @@ void qemuProcessStop(struct qemud_driver *driver, > } > > /* Reset Security Labels */ > - virSecurityManagerRestoreAllLabel(driver->securityManager, > - vm->def, > - flags & VIR_QEMU_PROCESS_STOP_MIGRATED); > + if (!(flags & VIR_QEMU_PROCESS_STOP_NO_RELABEL)) Took me a couple reads to convince myself that I couldn't come up with any nicer wording of this condition without breaking defaults. ACK. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list