[libvirt] [PATCH] qemu: Properly label FDs while saving domain for successful restores in case of static labelling.

Tuesday, 10 June 2014

Static labelling has the relabel set to no by default and restore of a saved
image file fails when the selinux context is static. This is because the saved
file doesnt have the context set during the saving.
The libvirt has to set the conext of save image file to that of the guest
during save. The fix applies to both managedsave and save codepath.
The managedsave works as is without the fix as well since the files are saved
in the directory having viable default context.

Signed-off-by: Shivaprasad G Bhat <shivaprasadbhat(a)gmail.com&gt;
---
 src/qemu/qemu_driver.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3a7622a..e4390ee 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2966,6 +2966,9 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
     if (fd < 0)
         goto cleanup;
 
+    if (asyncJob == QEMU_ASYNC_JOB_SAVE)
+        virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd);
+
     if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags)))
         goto cleanup;
 


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH] qemu: Properly label FDs while saving domain for successful restores in case of static labelling.