There are some small issue in qemuProcessAttach:
1.Fix virSecurityManagerGetProcessLabel always get pid = 0,
move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel.
2.Use virSecurityManagerGenLabel to get image label.
3.Fix always set selinux label for other security driver label.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
src/qemu/qemu_process.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 382d802..ee95adb 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5255,6 +5255,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
if (VIR_STRDUP(priv->pidfile, pidfile) < 0)
goto error;
+ vm->pid = pid;
+
VIR_DEBUG("Detect security driver config");
sec_managers = virSecurityManagerGetNested(driver->securityManager);
if (sec_managers == NULL)
@@ -5272,7 +5274,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC;
if (VIR_ALLOC(seclabel) < 0)
goto error;
- if (virSecurityManagerGetProcessLabel(driver->securityManager,
+ if (virSecurityManagerGetProcessLabel(sec_managers[i],
vm->def, vm->pid, seclabel) < 0)
goto error;
@@ -5290,6 +5292,10 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
}
}
+ if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
+ goto error;
+ }
+
VIR_DEBUG("Creating domain log file");
if ((logfile = qemuDomainCreateLog(driver, vm, false)) < 0)
goto error;
@@ -5334,8 +5340,6 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_EXTERNAL_LAUNCH, logfile);
- vm->pid = pid;
-
VIR_DEBUG("Waiting for monitor to show up");
if (qemuProcessWaitForMonitor(driver, vm, QEMU_ASYNC_JOB_NONE, priv->qemuCaps, -1)
< 0)
goto error;
--
1.8.3.1