Re: [libvirt] [PATCH] qemudDomainMemoryPeek: chown temporary file to qemu.qemu.
On Fri, May 20, 2011 at 03:57:03PM +0100, Richard W.M. Jones wrote:
On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> I think we likely need /var/cache/libvirt to be 0711 so that
> QEMU can access directories below it, but not actually read it.
0711 does indeed work fine. However, where/what sets this?
The RPM specfile %files section is in charge.
> Oh, there is a bogus 'if (dom) virDomainFree(dom)' call
in the
> remote dispatcher remoteDispatchDomainMemoryPeek
Ah, well spotted! The attached patch does indeed remove the
warning/error.
> We will also need to set the SELinux context on the file. So instead
> of directly using chown, we need to call
>
> virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
OK, this works -- see updated patch attached.
> and after the monitor command completes, run
>
> virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);
This says:
15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup
default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L
Is it really necessary to restore the label for a file we're going
to delete?
No, not really required.
From db103b9f9f5c3916d3f6eafea8d732cad01ab979 Mon Sep 17 00:00:00
2001
From: Richard W.M. Jones <rjones(a)redhat.com>
Date: Fri, 20 May 2011 13:56:46 +0100
Subject: [PATCH 1/2] qemudDomainMemoryPeek: change ownership/selinux label on
temporary file.
Otherwise qemu is unable to write to it, with the error:
libvir: QEMU error : internal error unable to execute QEMU command 'memsave':
Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
---
src/qemu/qemu_driver.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 44acc6a..691965d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5536,6 +5536,8 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto endjob;
}
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+
priv = vm->privateData;
qemuDomainObjEnterMonitor(vm);
if (flags == VIR_MEMORY_VIRTUAL) {
From b01b6232ff0bff85d5c2521ce1f75ca18718333c Mon Sep 17 00:00:00
2001
From: Richard W.M. Jones <rjones(a)redhat.com>
Date: Fri, 20 May 2011 15:55:40 +0100
Subject: [PATCH 2/2] remote: remove bogus virDomainFree.
---
daemon/remote.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 42e1cb9..941e92f 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -916,8 +916,6 @@ remoteDispatchDomainMemoryPeek(struct qemud_server *server
ATTRIBUTE_UNUSED,
if (virDomainMemoryPeek(dom, offset, size,
ret->buffer.buffer_val, flags) < 0)
goto cleanup;
- if (dom)
- virDomainFree(dom);
rv = 0;
ACK to both.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|