[libvirt] [libvirt-java] Add various block, snapshot and migrate methods
by Wido den Hollander
Hi,
I've sent a series of patches like these about two weeks ago and got
some great feedback from Claudio on those!
The feedback from Claudio has been used for writing this series of patches.
Backwards compatibility has been preserved by still using virDomainMigrate
and virtDomainMigrateToUri for the existing methods, just to be sure.
Thank you,
Wido
11 years, 11 months
[libvirt] libvirt -- add virtio-scsi disk with scsi-generic
by 韩诚
Hi, Paolo, All,
I read "virtio-scsi support proposal
v2"(http://permalink.gmane.org/gmane.comp.emulators.libvirt/50428).
Try to add a virtio-scsi with scsi-generic like this:
<hostdev type='scsi'>
  <source>
    <adapter name='scsi_host0'/>
    <address type='scsi' bus='0' target='0' unit='0'/>
  </source>
  <target>
    <address type='scsi' controller='0' bus='0' target='0' unit='2'/>
  </target>
</hostdev>
But it turns out to be wrong, showing:
error: Failed to define domain from rhel63ga
error: XML error: unknown host device source address type 'scsi_host'
I'd like to know how to add a virtio-scsi disk with the scsi-generic option.
Thanks~
--
Best regards,
Cheng
11 years, 11 months
[libvirt] This patch adds the label to lxc-enter-namespace
by Daniel J Walsh
(Resend to the correct list)
lxc-enter-namespace allows a process from outside a container to start a
process inside a container. One problem with the current code is the process
running within the container would run with the label of the process that
created it.
For example if the admin process is running as unconfined_t and executes the
following command
# virsh -c lxc:/// lxc-enter-namespace --nolabel dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
Note the ps command is running as unconfined_t. After this patch,
virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
I also add a --nolabel command to virsh, which can go back to the original
behaviour.
virsh -c lxc:/// lxc-enter-namespace --nolabel dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 37 ? 00:00:00 ps
One problem I had when I originally did the patch is
lxcDomainGetSecurityLabel was returning the incorrect label, I needed the
label of the initpid within the container not its parent process, so I
changed this function to match OpenNamespaces function.
One last strangeness, about half the time I run this, virsh hangs and never
returns.
Seems like
if (conn->driver->domainGetSecurityLabel(domain,
seclabel) == 0) {
Gets hung up. I have attached the strace in out1.gz
11 years, 11 months
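A defender-side check for the behaviour described in the message above, as an added example that is not part of the original post or of libvirt: it parses `ps -eZ` output taken inside a container and reports processes whose SELinux type or level differs from PID 1's. The two sample listings are copied from the post; the function and class names are hypothetical.

```python
"""Flag container processes whose SELinux context differs from PID 1's."""
from typing import List, NamedTuple

# Sample listings copied from the post: first with --nolabel, then after the patch.
SAMPLE_NOLABEL = """\
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
"""
SAMPLE_LABELED = """\
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
"""


class Proc(NamedTuple):
    user: str
    role: str
    type: str
    level: str
    pid: int
    cmd: str


def parse_ps_z(text: str) -> List[Proc]:
    """Parse `ps -eZ` output (LABEL PID TTY TIME CMD) into Proc records."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # header, blank or malformed line
        label, pid, _tty, _time, cmd = fields
        # user:role:type[:level]; the MLS/MCS level may itself contain ':'
        parts = label.split(":", 3)
        if len(parts) < 3:
            continue  # "-" or another entry without a full context
        level = parts[3] if len(parts) == 4 else ""
        procs.append(Proc(parts[0], parts[1], parts[2], level, int(pid), cmd))
    return procs


def label_drift(text: str) -> List[Proc]:
    """Return processes whose type or level differs from the container's PID 1."""
    procs = parse_ps_z(text)
    init = next((p for p in procs if p.pid == 1), None)
    if init is None:
        raise ValueError("no PID 1 in listing; cannot establish the container label")
    return [p for p in procs if (p.type, p.level) != (init.type, init.level)]


if __name__ == "__main__":
    for name, sample in (("--nolabel", SAMPLE_NOLABEL), ("patched", SAMPLE_LABELED)):
        for p in label_drift(sample):
            print(f"{name}: pid {p.pid} ({p.cmd}) runs as {p.type}:{p.level}")
```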
[libvirt] [PATCH 0/2] Two additional build fixes
by Jiri Denemark
Both pushed as trivial and build-breakers.
Jiri Denemark (2):
apparmor: Avoid freeing uninitialized pointer
selinux: Properly indent preprocessor directives
src/security/security_apparmor.c | 2 +-
src/security/security_selinux.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
--
1.8.1.1
11 years, 11 months
[libvirt] [PATCH 0/2] Fix build after commit 87b4c10c6cf02251dd8c29b5b895bebc6ec297f9
by Peter Krempa
My gcc didn't whine about the uninitialized variable. This series tries to fix
and then actually fixes the bug.
Sorry for the inconvenience. I'm putting on my brown bag and upgrading my GCC.
Series pushed as a build-breaker.
Peter Krempa (2):
xen: Initialize variable before using
xen: Actually fix the uninitialized variable
src/xen/xend_internal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
1.8.1.1
11 years, 11 months
[libvirt] [libvirt-glib 1/2] Use g_strlcpy instead of strncpy
by Christophe Fergeau
This guarantees that the string will be nul-terminated. Coverity
warned about this issue.
---
libvirt-gobject/libvirt-gobject-connection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt-gobject/libvirt-gobject-connection.c b/libvirt-gobject/libvirt-gobject-connection.c
index 91cc535..0525323 100644
--- a/libvirt-gobject/libvirt-gobject-connection.c
+++ b/libvirt-gobject/libvirt-gobject-connection.c
@@ -1583,7 +1583,7 @@ GVirNodeInfo *gvir_connection_get_node_info(GVirConnection *conn,
}
ret = g_slice_new(GVirNodeInfo);
- strncpy (ret->model, info.model, sizeof (ret->model));
+ g_strlcpy (ret->model, info.model, sizeof (ret->model));
ret->memory = info.memory;
ret->cpus = info.cpus;
ret->mhz = info.mhz;
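Review bot: g_strlcpy (ret->model, info.model, sizeof (ret->model)) still truncates silently, and its return value, the full length of info.model, is discarded, so a shortened model string goes unnoticed. If truncation matters to callers, compare the return value against sizeof (ret->model) and warn or fail. Note also that g_strlcpy walks the source up to its terminator to compute that length, so the call now relies on info.model itself being NUL-terminated, whereas strncpy stopped reading after sizeof (ret->model) bytes.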
--
1.8.0.2
11 years, 11 months
[libvirt] [PATCH 0/5] Resolve parallels and virCommandPtr resource leaks
by John Ferlan
This is v3 of the parallels_driver.c changes. The most recent review pointed
out that virCommandPtr's need to be free'd. I found a few other instances
where they weren't free'd. I also found a few instances where the status
check from virCommandRun was not < 0 and cleaned them to be more consistent.
John Ferlan (5):
parallels: Resolve some resource leaks
security: Need to add virCommandFree()
storage: Need to add virCommandFree()
util: Need to add virCommandFree()
parallels_utils: Check return status properly from virCommandRun()
src/parallels/parallels_driver.c | 47 ++++++++++++++++++++++++----------------
src/parallels/parallels_utils.c | 2 +-
src/security/security_apparmor.c | 1 +
src/storage/storage_backend_fs.c | 2 ++
src/util/virnetdevopenvswitch.c | 2 ++
5 files changed, 34 insertions(+), 20 deletions(-)
--
1.7.11.7
11 years, 11 months
[libvirt] [PATCHv3 0/6] Add additional data to NUMA topology info
by Peter Krempa
Another spin of the series. Difference to previous version:
- remove redundant init of some structures
- add graceful behavior if topology cannot be discovered
- fix incorrect usage of virBitmapParse
I'm working on adding more docs for the capabilities XML and the support for the xend driver.
Peter Krempa (6):
schema: Make the cpuset type reusable across schema files
schemas: Add schemas for more CPU topology information in the caps XML
conf: Split out NUMA topology formatting to simplify access to data
capabilities: Switch CPU data in NUMA topology to a struct
capabilities: Add additional data to the NUMA topology info
test: Add support for thread and core information for the test driver
docs/schemas/basictypes.rng | 6 +++
docs/schemas/capability.rng | 11 +++++
docs/schemas/domaincommon.rng | 5 ---
src/conf/capabilities.c | 94 ++++++++++++++++++++++++++++++-------------
src/conf/capabilities.h | 16 +++++++-
src/libvirt_private.syms | 1 +
src/nodeinfo.c | 85 ++++++++++++++++++++++++++++++++------
src/qemu/qemu_process.c | 2 +-
src/test/test_driver.c | 24 +++++++++--
src/xen/xend_internal.c | 21 +++++-----
10 files changed, 204 insertions(+), 61 deletions(-)
--
1.8.1.1
11 years, 11 months
[libvirt] [PATCH v4] selinux: Only create the selabel_handle once.
by Richard W.M. Jones
From: "Richard W.M. Jones" <rjones(a)redhat.com>
According to Eric Paris this is slightly more efficient because it
only loads the regular expressions in libselinux once.
---
src/security/security_selinux.c | 129 ++++++++++++++++++++++++++--------------
1 file changed, 83 insertions(+), 46 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a3ef728..2affe69 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -63,6 +63,9 @@ struct _virSecuritySELinuxData {
char *content_context;
virHashTablePtr mcs;
bool skipAllLabel;
+#if HAVE_SELINUX_LABEL_H
+ struct selabel_handle *label_handle;
+#endif
};
struct _virSecuritySELinuxCallbackData {
@@ -367,12 +370,21 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
data->skipAllLabel = true;
+#if HAVE_SELINUX_LABEL_H
+ data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!data->label_handle) {
+ virReportSystemError(errno, "%s",
+ _("cannot open SELinux label_handle"));
+ return -1;
+ }
+#endif
+
selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0);
if (!selinux_conf) {
virReportSystemError(errno,
_("cannot open SELinux lxc contexts file '%s'"),
selinux_lxc_contexts_path());
- return -1;
+ goto error;
}
scon = virConfGetValue(selinux_conf, "process");
@@ -418,6 +430,9 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
return 0;
error:
+#if HAVE_SELINUX_LABEL_H
+ selabel_close(data->label_handle);
+#endif
virConfFree(selinux_conf);
VIR_FREE(data->domain_context);
VIR_FREE(data->file_context);
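Review bot: under error:, selabel_close(data->label_handle) leaves the closed pointer stored in data. If virSecuritySELinuxSecurityDriverClose later runs on this manager after a failed initialize, it calls selabel_close on the same handle a second time. Set data->label_handle = NULL right after closing it here, and guard the close with a NULL check.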
@@ -444,6 +459,15 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
data->skipAllLabel = false;
+#if HAVE_SELINUX_LABEL_H
+ data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!data->label_handle) {
+ virReportSystemError(errno, "%s",
+ _("cannot open SELinux label_handle"));
+ return -1;
+ }
+#endif
+
if (virFileReadAll(selinux_virtual_domain_context_path(), MAX_CONTEXT, &(data->domain_context)) < 0) {
virReportSystemError(errno,
_("cannot read SELinux virtual domain context file '%s'"),
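Review bot: the selabel_open block in virSecuritySELinuxQEMUInitialize is a line-for-line copy of the one added to virSecuritySELinuxLXCInitialize, error string included. A small static helper that opens the handle and reports the failure would keep the two paths from diverging. The message could also say "cannot open SELinux file context handle" instead of exposing the field name label_handle to the user.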
@@ -499,6 +523,9 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
return 0;
error:
+#if HAVE_SELINUX_LABEL_H
+ selabel_close(data->label_handle);
+#endif
VIR_FREE(data->domain_context);
VIR_FREE(data->alt_domain_context);
VIR_FREE(data->file_context);
@@ -763,6 +790,10 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
if (!data)
return 0;
+#if HAVE_SELINUX_LABEL_H
+ selabel_close(data->label_handle);
+#endif
+
virHashFree(data->mcs);
VIR_FREE(data->domain_context);
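Review bot: selabel_close(data->label_handle) in the close path runs whenever data is non-NULL, which includes the case where selabel_open failed during initialize and the field was never set. selabel_close is not documented to accept NULL, so wrap the call in if (data->label_handle) and clear the field afterwards.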
@@ -937,18 +968,13 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
/* Set fcon to the appropriate label for path and mode, or return -1. */
static int
-getContext(const char *newpath, mode_t mode, security_context_t *fcon)
+getContext(virSecurityManagerPtr mgr,
+ const char *newpath, mode_t mode, security_context_t *fcon)
{
#if HAVE_SELINUX_LABEL_H
- struct selabel_handle *handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
- int ret;
-
- if (handle == NULL)
- return -1;
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
- ret = selabel_lookup_raw(handle, fcon, newpath, mode);
- selabel_close(handle);
- return ret;
+ return selabel_lookup_raw(data->label_handle, fcon, newpath, mode);
#else
return matchpathcon(newpath, mode, fcon);
#endif
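Review bot: getContext now looks up against the handle opened once at driver initialization, so the file context specifications loaded by that selabel_open stay in use for the life of the driver, whereas the removed per-call selabel_open read the current ones on every lookup. Please document in the commit message or a comment that a file_contexts change needs the handle reopened (or the daemon restarted) before restored labels reflect it. Also, data is dereferenced without a NULL check, and the shared handle is now used by every caller, so state which lock serializes selabel_lookup_raw.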
@@ -958,7 +984,8 @@ getContext(const char *newpath, mode_t mode, security_context_t *fcon)
/* This method shouldn't raise errors, since they'll overwrite
* errors that the caller(s) are already dealing with */
static int
-virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
+virSecuritySELinuxRestoreSecurityFileLabel(virSecurityManagerPtr mgr,
+ const char *path)
{
struct stat buf;
security_context_t fcon = NULL;
@@ -980,7 +1007,7 @@ virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
goto err;
}
- if (getContext(newpath, buf.st_mode, &fcon) < 0) {
+ if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) {
/* Any user created path likely does not have a default label,
* which makes this an expected non error
*/
@@ -997,7 +1024,7 @@ err:
}
static int
-virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainDiskDefPtr disk,
int migrated)
@@ -1044,7 +1071,7 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBU
}
}
- return virSecuritySELinuxRestoreSecurityFileLabel(disk->src);
+ return virSecuritySELinuxRestoreSecurityFileLabel(mgr, disk->src);
}
@@ -1301,22 +1328,27 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN
static int
virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file,
- void *opaque ATTRIBUTE_UNUSED)
+ void *opaque)
{
- return virSecuritySELinuxRestoreSecurityFileLabel(file);
+ virSecurityManagerPtr mgr = opaque;
+
+ return virSecuritySELinuxRestoreSecurityFileLabel(mgr, file);
}
static int
virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file,
- void *opaque ATTRIBUTE_UNUSED)
+ void *opaque)
{
- return virSecuritySELinuxRestoreSecurityFileLabel(file);
+ virSecurityManagerPtr mgr = opaque;
+
+ return virSecuritySELinuxRestoreSecurityFileLabel(mgr, file);
}
static int
-virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
+virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
+ virDomainHostdevDefPtr dev,
const char *vroot)
{
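Review bot: virSecuritySELinuxRestoreSecurityPCILabel and virSecuritySELinuxRestoreSecurityUSBLabel now treat opaque as a virSecurityManagerPtr and pass it down unchecked, where NULL used to be acceptable. Any iterate caller that still passes NULL will end up dereferencing the private data in getContext. Add a short comment on both callbacks stating that opaque must be the security manager, and confirm that no other caller of these callbacks remains.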
@@ -1335,7 +1367,7 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel, mgr);
usbFreeDevice(usb);
break;
@@ -1350,7 +1382,7 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
pciFreeDevice(pci);
break;
@@ -1367,7 +1399,8 @@ done:
static int
-virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virDomainHostdevDefPtr dev,
+virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
+ virDomainHostdevDefPtr dev,
const char *vroot)
{
int ret = -1;
@@ -1387,7 +1420,7 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virDomainHostdevDefPtr dev,
return -1;
}
}
- ret = virSecuritySELinuxRestoreSecurityFileLabel(path);
+ ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
VIR_FREE(path);
break;
}
@@ -1405,7 +1438,7 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virDomainHostdevDefPtr dev,
return -1;
}
}
- ret = virSecuritySELinuxRestoreSecurityFileLabel(path);
+ ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
VIR_FREE(path);
break;
}
@@ -1420,7 +1453,7 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virDomainHostdevDefPtr dev,
static int
-virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot)
@@ -1437,10 +1470,10 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUT
switch (dev->mode) {
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
- return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(dev, vroot);
+ return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(mgr, dev, vroot);
case VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES:
- return virSecuritySELinuxRestoreSecurityHostdevCapsLabel(dev, vroot);
+ return virSecuritySELinuxRestoreSecurityHostdevCapsLabel(mgr, dev, vroot);
default:
return 0;
@@ -1522,7 +1555,8 @@ done:
}
static int
-virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
+virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
virDomainChrDefPtr dev,
virDomainChrSourceDefPtr dev_source)
@@ -1545,14 +1579,14 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
switch (dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0)
goto done;
ret = 0;
break;
case VIR_DOMAIN_CHR_TYPE_UNIX:
if (!dev_source->data.nix.listen) {
- if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0)
goto done;
}
ret = 0;
@@ -1565,11 +1599,11 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
- if ((virSecuritySELinuxRestoreSecurityFileLabel(out) < 0) ||
- (virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) {
+ if ((virSecuritySELinuxRestoreSecurityFileLabel(mgr, out) < 0) ||
+ (virSecuritySELinuxRestoreSecurityFileLabel(mgr, in) < 0)) {
goto done;
}
- } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0) {
+ } else if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0) {
goto done;
}
ret = 0;
@@ -1590,14 +1624,16 @@ done:
static int
virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
- void *opaque ATTRIBUTE_UNUSED)
+ void *opaque)
{
+ virSecurityManagerPtr mgr = opaque;
+
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return virSecuritySELinuxRestoreSecurityChardevLabel(def, dev,
+ return virSecuritySELinuxRestoreSecurityChardevLabel(mgr, def, dev,
&dev->source);
}
@@ -1605,8 +1641,9 @@ virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
static int
virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
- void *opaque ATTRIBUTE_UNUSED)
+ void *opaque)
{
+ virSecurityManagerPtr mgr = opaque;
const char *database;
switch (dev->type) {
@@ -1617,10 +1654,10 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
database = dev->data.cert.database;
if (!database)
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
- return virSecuritySELinuxRestoreSecurityFileLabel(database);
+ return virSecuritySELinuxRestoreSecurityFileLabel(mgr, database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxRestoreSecurityChardevLabel(def, NULL, &dev->data.passthru);
+ return virSecuritySELinuxRestoreSecurityChardevLabel(mgr, def, NULL, &dev->data.passthru);
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1670,21 +1707,21 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
if (virDomainChrDefForeach(def,
false,
virSecuritySELinuxRestoreSecurityChardevCallback,
- NULL) < 0)
+ mgr) < 0)
rc = -1;
if (virDomainSmartcardDefForeach(def,
false,
virSecuritySELinuxRestoreSecuritySmartcardCallback,
- NULL) < 0)
+ mgr) < 0)
rc = -1;
if (def->os.kernel &&
- virSecuritySELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
+ virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
rc = -1;
if (def->os.initrd &&
- virSecuritySELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
+ virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
rc = -1;
return rc;
@@ -1737,7 +1774,7 @@ virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
-virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile)
{
@@ -1750,7 +1787,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNU
if (secdef->norelabel)
return 0;
- return virSecuritySELinuxRestoreSecurityFileLabel(savefile);
+ return virSecuritySELinuxRestoreSecurityFileLabel(mgr, savefile);
}
@@ -2080,7 +2117,7 @@ virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
}
static int
-virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
int fd)
{
@@ -2108,7 +2145,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
goto cleanup;
}
- if (getContext("/dev/tap.*", buf.st_mode, &fcon) < 0) {
+ if (getContext(mgr, "/dev/tap.*", buf.st_mode, &fcon) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot lookup default selinux label for tap fd %d"), fd);
goto cleanup;
--
1.8.1
11 years, 11 months
[libvirt] [PATCHv2] qemu: Re-add driver unlock to qemuDomainSendKey
by Viktor Mihajlovski
Should have been done in commit 56fd513 already, but was missed
due to oversight: qemuDomainSendKey didn't release the driver lock
in its cleanup section. This fixes an issue introduced by commit
8c5d2ba.
Signed-off-by: Viktor Mihajlovski <mihajlov(a)linux.vnet.ibm.com>
---
V2 Changes:
- Removed bogus hunk for qemuDomainManagedSave
- Enhanced subject line and patch description
src/qemu/qemu_driver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 72907d2..6d4c1e9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2439,6 +2439,7 @@ endjob:
cleanup:
if (vm)
virObjectUnlock(vm);
+ qemuDriverUnlock(driver);
return ret;
}
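Review bot: the added qemuDriverUnlock(driver) under cleanup: is unconditional, while the vm unlock just above it is guarded by if (vm). Please confirm that every goto cleanup in qemuDomainSendKey is reached with the driver lock held, otherwise an early failure path would unlock a lock it never took. Since this is a follow-up to an earlier fix for the same issue, it would help to state in the commit message that the other cleanup sections touched by 8c5d2ba were re-checked.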
--
1.7.9.5
11 years, 11 months