Re: [libvirt] [PATCH] qemu: fix regression with fd labeling on migration
On 03/28/2011 08:33 PM, Daniel Veillard wrote:
On Mon, Mar 28, 2011 at 04:33:58PM -0600, Eric Blake wrote:
> My earlier testing for commit 34fa0de0 was done while starting
> just-built libvirt from an unconfined_t shell, where the fds happened
> to work when transferring to qemu. But when installed and run under
> virtd_t, failure to label the raw file (with no compression) or the
> pipe (with compression) triggers SELinux failures when passing fds
> over SCM_RIGHTS to svirt_t qemu.
>
> * src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
> FDs, make sure they are labeled.
Based on the xplanations, that looks a reasonable patch,
ACK,
Thanks; pushed. Here's hoping the SELinux policy can indeed be updated
to make testing this from unconfined context easier.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)