Thanks Martin. I'll send out the v2 addressing your comments.
Thanks and Regards,
Shiva
On Thu, Apr 17, 2014 at 7:50 PM, Martin Kletzander <mkletzan@xxxxxxxxxx> wrote:
> On Tue, Apr 08, 2014 at 09:11:33AM -0400, Shivaprasad G Bhat wrote:
>>
>> The file handle passed from libvirt to qemu is not set to the context of
>> the
>> guest. So, set the selinux context of fd before passing it to qemu
>>
>> Signed-off-by: Shivaprasad G Bhat<sbhat@xxxxxxxxxxxxxxxxxx>
>> ---
>> src/qemu/qemu_driver.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
>> index 4bb4819..8cf3666 100644
>> --- a/src/qemu/qemu_driver.c
>> +++ b/src/qemu/qemu_driver.c
>> @@ -5522,6 +5522,9 @@ qemuDomainRestoreFlags(virConnectPtr conn,
>> goto cleanup;
>> def = NULL;
>>
>> + if (virSecurityManagerSetImageFDLabel(driver->securityManager,
>> vm->def, fd) < 0)
>> + goto cleanup;
>> +
>> if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
>> goto cleanup;
>>
>>
>
> What is the particular problem you are trying to fix, how do you
> reproduce the issue?
>
> Have a look at 'git log --format=oneline', for example, to see how to
> format commit message subject. In most cases We tend to describe the
> change being done, not a problem that exists (and shouldn't after the
> commit is applied). I'd suggest using "qemu: Properly label FDs when
> restoring domain with static label" for example.
>
> You are duplicating the code we have in place already, just the
> condition is wrong probably (see qemuProcessStart(),
> virSecurityManagerSetImageFDLabel() is called when there is stdin_fd
> (the same fd you have in qemuDomainRestore{,Flags}) and it's a pipe
> (that's probably the root cause).
>
> Fixing it there will make it work in qemuDomainRestore() as well as
> qemuDomainRestoreFlags() and any other function we will call
> qemuProcessStart() in.
>
> Martin
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list