[libvirt] [PATCH 04/12] Pull initial disk labelling out into libvirtd instead of exec hook
Pulling the disk labelling code out of the exec hook, and into
libvirtd will allow it to access shared state in the daemon. It
will also make debugging & error reporting easier / more reliable.
* qemu/qemu_driver.c: Move initial disk labelling calls up into
libvirtd. Add cleanup of disk labels upon failure
---
src/qemu/qemu_driver.c | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6c66b22..8195b74 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2443,12 +2443,6 @@ static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct
qemud_driver *
int rc = 0;
if (driver->securityDriver &&
- driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
- rc = -1;
-
- if (rc == 0 &&
- driver->securityDriver &&
driver->securityDriver->domainSetSecurityProcessLabel &&
driver->securityDriver->domainSetSecurityProcessLabel(conn,
driver->securityDriver, vm) < 0)
rc = -1;
@@ -2771,6 +2765,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0)
return -1;
+ if (driver->securityDriver &&
+ driver->securityDriver->domainSetSecurityAllLabel &&
+ driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ goto cleanup;
+
/* Ensure no historical cgroup for this VM is lieing around bogus settings */
qemuRemoveCgroup(conn, driver, vm, 1);
@@ -2979,6 +2978,9 @@ cleanup:
* XXX investigate if we can kill this block and safely call
* qemudShutdownVMDaemon even though no PID is running */
if (driver->securityDriver &&
+ driver->securityDriver->domainRestoreSecurityAllLabel)
+ driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+ if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
qemuRemoveCgroup(conn, driver, vm, 0);
--
1.6.5.2