Re: [libvirt] [PATCH] qemu: Log error if domain uses security driver which is not loaded

On Tue, May 05, 2015 at 02:14:24PM +0200, Erik Skultety wrote: >When starting a domain, if we find out domain requests security drivers >we do not have loaded, we fail. However we don't check for this during >reconnect, so any operation relying on security driver functionality would fail. >If someone e.g. starts a domain with selinux driver loaded, then they turn off >the security driver in config, restart the daemon and call dump/save/.., >QEMU returns an error. >As we shouldn't kill the domain, we should at least log an error to let the >user know that domain reconnect wasn't completely clean. > >https://bugzilla.redhat.com/show_bug.cgi?id=1183893 >--- > src/qemu/qemu_process.c | 6 ++++++ > 1 file changed, 6 insertions(+) >

>diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c >index 56719eb..8da79e5 100644 >--- a/src/qemu/qemu_process.c >+++ b/src/qemu/qemu_process.c >@@ -3747,6 +3747,12 @@ qemuProcessReconnect(void *opaque) > if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps, obj)) < 0) > goto error; > >+ /* if domain requests security driver we haven't loaded, report error, but >+ * do not kill the domain >+ */ >+ ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager, >+ obj->def)); >+ Shouldn't you reset any possible error after that?