Re: [libvirt] [PATCH 2/2] Set labelling for character devices in security drivers

2010/6/24 Daniel P. Berrange <berrange(a)redhat.com&gt;: > When configuring serial, parallel, console or channel devices > with a file, dev or pipe backend type, it is neccessary to label > the file path in the security drivers. For char devices of type > file, it is neccessary to pre-create (touch) the file if it does > not already exist since QEMU won't be allowed todo so itself. > dev/pipe configs already require the admin to pre-create before > starting the guest. Two typos: s/neccessary/necessary > * src/qemu/qemu_security_dac.c: set file ownership for character >  devices > * src/security/security_selinux.c: Set file labelling for character Another typo: s/labelling/labeling >  devices > * src/qemu/qemu_driver.c: Add character devices to cgroup ACL > --- >  src/qemu/qemu_driver.c          |   59 +++++++++++++++++++ >  src/qemu/qemu_security_dac.c    |  117 ++++++++++++++++++++++++++++++++++++++ >  src/security/security_selinux.c |  119 +++++++++++++++++++++++++++++++++++++++ >  src/util/cgroup.c               |    2 +- >  4 files changed, 296 insertions(+), 1 deletions(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index a7b3f25..6274d4c 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -2950,6 +2950,28 @@ qemuPrepareHostDevices(struct qemud_driver *driver, >  } > > > +static int > +qemuPrepareChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED, > +                         virDomainChrDefPtr dev, > +                         void *opaque ATTRIBUTE_UNUSED) > +{ > +    int fd; > +    if (dev->type != VIR_DOMAIN_CHR_TYPE_FILE) > +        return 0; > + > +    if ((fd = open(dev->data.file.path, O_CREAT | O_APPEND, S_IRUSR|S_IWUSR)) < 0) { > +        virReportSystemError(errno, > +                             _("Unable to pre-create chardev file %s"), Maybe use '%s' here instead of plain %s.