[libvirt] [PATCH] Fix sec label setup when attaching to QEMU processes
When attaching to a QEMU process, the def->seclabels array is
going to be empty. The qemuProcessAttach method must thus
populate it with data for the security drivers.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/qemu/qemu_process.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1f00840..7d41c93 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4479,6 +4479,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainPausedReason reason;
virSecurityLabelPtr seclabel = NULL;
virSecurityLabelDefPtr seclabeldef = NULL;
+ bool seclabelgen = false;
virSecurityManagerPtr* sec_managers = NULL;
const char *model;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
@@ -4529,10 +4530,16 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
goto error;
for (i = 0; sec_managers[i]; i++) {
+ seclabelgen = false;
+ VIR_ERROR("Iter %zu", i);
model = virSecurityManagerGetModel(sec_managers[i]);
seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
- if (seclabeldef == NULL)
- goto error;
+ VIR_ERROR("model %s def %p", model, seclabeldef);
+ if (seclabeldef == NULL) {
+ if (!(seclabeldef = virDomainDefGenSecurityLabelDef(model)))
+ goto error;
+ seclabelgen = true;
+ }
seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC;
if (VIR_ALLOC(seclabel) < 0)
goto error;
@@ -4546,6 +4553,12 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
if (VIR_STRDUP(seclabeldef->label, seclabel->label) < 0)
goto error;
VIR_FREE(seclabel);
+
+ if (seclabelgen) {
+ if (VIR_APPEND_ELEMENT(vm->def->seclabels, vm->def->nseclabels,
seclabeldef) < 0)
+ goto error;
+ seclabelgen = false;
+ }
}
VIR_DEBUG("Creating domain log file");
@@ -4692,6 +4705,8 @@ error:
VIR_FORCE_CLOSE(logfile);
VIR_FREE(seclabel);
VIR_FREE(sec_managers);
+ if (seclabelgen)
+ virSecurityLabelDefFree(seclabeldef);
virDomainChrSourceDefFree(monConfig);
virObjectUnref(cfg);
virObjectUnref(caps);
--
1.8.5.3