On Thu, Dec 05, 2013 at 13:18:57 -0500, Cole Robinson wrote:
> Since setting security label is dependent bus/addr being available.
> This fixes hotplugging a USB device that is referenced only by
> product/vendor (virt-manager's default).
>
>
https://bugzilla.redhat.com/show_bug.cgi?id=1016511
>
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index f4fc723..d93fef9 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
...
> @@ -1601,6 +1600,11 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
> return -1;
> }
>
> + /* We need to fill in USB values before the security labeling */
> + if (hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB
&&
> + qemuFindHostdevUSBDevice(hostdev, true, &usb) < 0)
> + return -1;
> +
> if (virSecurityManagerSetHostdevLabel(driver->securityManager,
> vm->def, hostdev, NULL) < 0)
> return -1;
> @@ -1614,7 +1618,7 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
>
> case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
> if (qemuDomainAttachHostUsbDevice(driver, vm,
> - hostdev) < 0)
> + hostdev, usb) < 0)
> goto error;
> break;
Shouldn't we rather move virSecurityManagerSetHostdevLabel further in
device-type specific functions similarly to how I fixed this issue for
qemuSetupHostdevCGroup in 05e149f94cbd34e4c3d4e9c7f6871e13cfe03d8c? I
think it makes sense to label devices only after we know they are not
used by other domains and after we know we can really attach them.
Good points, I'll take a stab at it if you aren't already working on it.
- Cole