On 10/18/2012 12:56 PM, Guannan Ren wrote:
Relabeling tapfd right after the tap device is created.
qemuPhysIfaceConnect is a common function called both for static
netdevs and for hotplug netdevs.
---
src/qemu/qemu_command.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 0c0c400..81bed38 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -170,12 +170,21 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
vmop, driver->stateDir,
virDomainNetGetActualBandwidth(net));
if (rc >= 0) {
+ if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+ def, rc) < 0)
+ goto error;
+
virDomainAuditNetDevice(def, net, res_ifname, true);
VIR_FREE(net->ifname);
net->ifname = res_ifname;
}
return rc;
+
+error:
+ VIR_FREE(res_ifname);
+ VIR_FORCE_CLOSE(rc);

Sorry for dragging this on so much, but...

If you just close the tapfd here, the macvtap device itself will still
exist, and if it's in passthrough mode, the physdev will still have its
mac address set to the guest's mac address, *and* if it was associated
with an 802.1QbX switch, that association will still be live and there
will still be a callback for it registered.

Instead of directly closing the tapfd, you need to do the opposite of
virNetDevMacVLanCreateWithVPortProfile, which is:

    error:
        ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
                         res_ifname, &net->mac,
                         virDomainNetGetActualDirectDev(net),
                         virDomainNetGetActualDirectMode(net),
                         virDomainNetGetActualVirtPortProfile(net),
                         driver->stateDir));
        VIR_FREE(res_ifname);
        return -1;

(I *think* I got all those args correct, but you should check them to be
sure)

+ return -1;
}
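Review bot: In the new `if (rc >= 0)` branch, the `goto error` taken when virSecurityManagerSetTapFDLabel fails skips virDomainAuditNetDevice entirely, so a device that was created and then rejected at labelling leaves no audit record. Consider recording the failure before the jump, for example virDomainAuditNetDevice(def, net, res_ifname, false), so the audit trail shows that the attach attempt was refused.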
@@ -5425,10 +5434,6 @@ qemuBuildCommandLine(virConnectPtr conn,
if (tapfd < 0)
goto error;
- if (virSecurityManagerSetTapFDLabel(driver->securityManager,
- def, tapfd) < 0)
- goto error;
-
last_good_net = i;
virCommandTransferFD(cmd, tapfd);
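Review bot: With the virSecurityManagerSetTapFDLabel call removed after the `if (tapfd < 0)` check, nothing visible in qemuBuildCommandLine labels the fd before virCommandTransferFD(cmd, tapfd) hands it to the child process. Please confirm that every path that assigns tapfd ahead of this check goes through qemuPhysIfaceConnect, and leave a short comment here saying the label is now applied there, so that a later change obtaining tapfd some other way does not transfer an unlabelled fd.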