On 12/05/2013 01:29 PM, Jiri Denemark wrote: > On Thu, Dec 05, 2013 at 13:18:57 -0500, Cole Robinson wrote: >> Since setting security label is dependent bus/addr being available. >> This fixes hotplugging a USB device that is referenced only by >> product/vendor (virt-manager's default). >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1016511 >> >> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c >> index f4fc723..d93fef9 100644 >> --- a/src/qemu/qemu_hotplug.c >> +++ b/src/qemu/qemu_hotplug.c > ... >> @@ -1601,6 +1600,11 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver, >> return -1; >> } >> >> + /* We need to fill in USB values before the security labeling */ >> + if (hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB && >> + qemuFindHostdevUSBDevice(hostdev, true, &usb) < 0) >> + return -1; >> + >> if (virSecurityManagerSetHostdevLabel(driver->securityManager, >> vm->def, hostdev, NULL) < 0) >> return -1; >> @@ -1614,7 +1618,7 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver, >> >> case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: >> if (qemuDomainAttachHostUsbDevice(driver, vm, >> - hostdev) < 0) >> + hostdev, usb) < 0) >> goto error; >> break; > > Shouldn't we rather move virSecurityManagerSetHostdevLabel further in > device-type specific functions similarly to how I fixed this issue for > qemuSetupHostdevCGroup in 05e149f94cbd34e4c3d4e9c7f6871e13cfe03d8c? I > think it makes sense to label devices only after we know they are not > used by other domains and after we know we can really attach them. > Good points, I'll take a stab at it if you aren't already working on it. - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list