On 11/20/19 3:22 PM, Peter Krempa wrote:
Okay, how about this commit message:
qemuProcessStop: Remove image metadata for running mirror jobs
If user starts a blockcommit without --pivot or a blockcopy also
without --pivot then we modify access for qemu on both images and
leave it like that until pivot is executed. So far so good. Problem
is, if user instead of issuing pivot calls destroy on the domain or
if qemu dies whilst executing the block job. In this case we don't
ever clear the access we granted at the beginning. To fix this,
maybe a bit harsh approach is used, but it works: after all labels
were restored (that is after qemuSecurityRestoreAllLabel() was
called), we iterate over each disk in the domain and remove XATTRs
from the whole backing chain and also from any file the disk is being
mirrored to.
This would have been done at the time of pivot, but it isn't because
user decided to kill the domain instead. If we don't do this and
leave some XATTRs behind the domain might be unable to start.
Also, secdriver can't do this because it doesn't know if there is any
job running. It's outside of its scope - the hypervisor driver is
responsible for calling secdriver's APIs.
https://bugzilla.redhat.com/show_bug.cgi?id=1741456#c19
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal