[libvirt] [PATCH for v5.3.0 16/17] qemu: Move image security metadata on snapshot activity
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_blockjob.c | 6 ++++++
src/qemu/qemu_driver.c | 17 ++++++++++++++---
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index fa7e4c8625..1b4e30ba01 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -37,6 +37,7 @@
#include "locking/domain_lock.h"
#include "viralloc.h"
#include "virstring.h"
+#include "qemu_security.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -275,6 +276,11 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
* want to only revoke the non-shared portion of the chain); so for
* now, we leak the access to the original. */
virDomainLockImageDetach(driver->lockManager, vm, disk->src);
+
+ /* Move secret driver metadata */
+ if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mirror) <
0)
+ VIR_WARN("Unable to move disk metadata on vm %s",
vm->def->name);
+
virObjectUnref(disk->src);
disk->src = disk->mirror;
} else {
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 62d8d977c5..1af6272c71 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -15173,22 +15173,33 @@ qemuDomainSnapshotUpdateDiskSourcesRenumber(virStorageSourcePtr
src)
/**
* qemuDomainSnapshotUpdateDiskSources:
+ * @driver: QEMU driver
+ * @vm: domain object
* @dd: snapshot disk data object
* @persist: set to true if persistent config of the VM was changed
*
* Updates disk definition after a successful snapshot.
*/
static void
-qemuDomainSnapshotUpdateDiskSources(qemuDomainSnapshotDiskDataPtr dd,
+qemuDomainSnapshotUpdateDiskSources(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ qemuDomainSnapshotDiskDataPtr dd,
bool *persist)
{
- if (!dd->src)
+ if (!dd->src) {
+ /* Remove old metadata */
+ if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, NULL) < 0)
+ VIR_WARN("Unable to remove disk metadata on vm %s",
vm->def->name);
return;
+ }
/* storage driver access won'd be needed */
if (dd->initialized)
virStorageFileDeinit(dd->src);
+ if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, dd->src) <
0)
+ VIR_WARN("Unable to move disk metadata on vm %s",
vm->def->name);
+
/* the old disk image is now readonly */
dd->disk->src->readonly = true;
@@ -15313,7 +15324,7 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr driver,
virDomainAuditDisk(vm, dd->disk->src, dd->src, "snapshot",
ret >= 0);
if (ret == 0)
- qemuDomainSnapshotUpdateDiskSources(dd, &persist);
+ qemuDomainSnapshotUpdateDiskSources(driver, vm, dd, &persist);
}
if (ret < 0)
--
2.19.2