[libvirt] [PATCH v2 10/10] qemu_hotplug: Relabel memdev
Now that we have APIs for relabel memdevs on hotplug, fill in the
missing implementation in qemu hotplug code.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6ba0b8e..afabbda 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1861,6 +1861,7 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
int id;
int ret = -1;
int rv;
+ bool restoreLabel = false;
qemuDomainMemoryDeviceAlignSize(vm->def, mem);
@@ -1893,6 +1894,11 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
goto removedef;
}
+ if (virSecurityManagerSetMemoryLabel(driver->securityManager,
+ vm->def, mem) < 0)
+ goto cleanup;
+ restoreLabel = true;
+
qemuDomainObjEnterMonitor(driver, vm);
rv = qemuMonitorAddObject(priv->mon, backendType, objalias, props);
props = NULL; /* qemuMonitorAddObject consumes */
@@ -1945,6 +1951,10 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
mem = NULL;
goto audit;
}
+ if (mem && restoreLabel &&
+ virSecurityManagerRestoreMemoryLabel(driver->securityManager,
+ vm->def, mem) < 0)
+ VIR_WARN("Unable to restore security label on memdev");
removedef:
if ((id = virDomainMemoryFindByDef(vm->def, mem)) >= 0)
@@ -3141,6 +3151,10 @@ qemuDomainRemoveMemoryDevice(virQEMUDriverPtr driver,
if ((idx = virDomainMemoryFindByDef(vm->def, mem)) >= 0)
virDomainMemoryRemove(vm->def, idx);
+ if (virSecurityManagerRestoreMemoryLabel(driver->securityManager,
+ vm->def, mem) < 0)
+ VIR_WARN("Unable to restore security label on memdev");
+
virDomainMemoryDefFree(mem);
/* fix the balloon size */
--
2.8.4