On 09/23/2011 02:17 AM, Osier Yang wrote:
Hmm, preventing the relabeling in security driver instead might be
the
more proper way? (If the disk source is used by other *running* domain,
then quit relabeling and exit with error).
No, prevent the relabeling in the lock manager. If one domain is
running and the lock manager is running, that should be sufficient to
prevent any other domain from starting with the same disk, even before
we get to the labeling point.
However, this won't prevent one using same disk source for multiple domains
if security_driver is disabled.
And if security_driver is disabled, there will be no permission problem, all
the domains can write to the same disk source, thus it might cause
inconsistency
between the domains or corrupt.
> to see whether if the pricinple
> is right or not.
The principle here is whether the lock manager is running. Only if you
can still reproduce the problem with a lock manager (whether sanlock or
fcntl) do we have a bug to fix.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org