Re: [libvirt] [PATCH v4] selinux: relabel tapfd in qemuPhysIfaceConnect

On 10/19/2012 04:44 AM, Guannan Ren wrote: > Relabeling tapfd right after the tap device is created. > qemuPhysIfaceConnect is common function called both for static > netdevs and for hotplug netdevs. > --- > src/qemu/qemu_command.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index 9096b3c..0623c58 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def, > vmop, driver->stateDir, > virDomainNetGetActualBandwidth(net)); > if (rc >= 0) { > + if (virSecurityManagerSetTapFDLabel(driver->securityManager, > + def, rc) < 0) > + goto error; > + > virDomainAuditNetDevice(def, net, res_ifname, true); > VIR_FREE(net->ifname); > net->ifname = res_ifname; > } > > return rc; > + > +error: > + ignore_value(virNetDevMacVLanDeleteWithVPortProfile( > + res_ifname, &net->mac, > + virDomainNetGetActualDirectDev(net), > + virDomainNetGetActualDirectMode(net), > + virDomainNetGetActualVirtPortProfile(net), > + driver->stateDir)); > + VIR_FREE(res_ifname); > + return -1; > } > > > @@ -5446,10 +5460,6 @@ qemuBuildCommandLine(virConnectPtr conn, > if (tapfd < 0) > goto error; > > - if (virSecurityManagerSetTapFDLabel(driver->securityManager, > - def, tapfd) < 0) > - goto error; > - > last_good_net = i; > virCommandTransferFD(cmd, tapfd); > ACK.