On Thu, Dec 05, 2013 at 13:18:57 -0500, Cole Robinson wrote:
Since setting security label is dependent bus/addr being available. This fixes hotplugging a USB device that is referenced only by product/vendor (virt-manager's default).
https://bugzilla.redhat.com/show_bug.cgi?id=1016511
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index f4fc723..d93fef9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c ... @@ -1601,6 +1600,11 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver, return -1; }
+ /* We need to fill in USB values before the security labeling */ + if (hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB && + qemuFindHostdevUSBDevice(hostdev, true, &usb) < 0) + return -1; + if (virSecurityManagerSetHostdevLabel(driver->securityManager, vm->def, hostdev, NULL) < 0) return -1; @@ -1614,7 +1618,7 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: if (qemuDomainAttachHostUsbDevice(driver, vm, - hostdev) < 0) + hostdev, usb) < 0) goto error; break;
Shouldn't we rather move virSecurityManagerSetHostdevLabel further in device-type specific functions similarly to how I fixed this issue for qemuSetupHostdevCGroup in 05e149f94cbd34e4c3d4e9c7f6871e13cfe03d8c? I think it makes sense to label devices only after we know they are not used by other domains and after we know we can really attach them. Jirka