Re: [libvirt] [PATCH 6/6] qemu: Use fd: protocol for migration
On 08/30/2011 08:49 AM, Daniel Veillard wrote:
> I'm still testing this, but based on how we label the
incoming pipe in
> qemuProcessStart, I think this will solve the problem.
>
> diff --git i/src/qemu/qemu_migration.c
w/src/qemu/qemu_migration.c
> index a2dc97c..38b05a9 100644
> --- i/src/qemu/qemu_migration.c
> if (spec.dest.fd.qemu == -1 ||
> - virSetCloseExec(spec.dest.fd.qemu)< 0 ||
> - virSetCloseExec(spec.dest.fd.local)< 0) {
> + virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
> + spec.dest.fd.qemu)< 0) {
> virReportSystemError(errno, "%s",
> _("cannot create pipe for tunnelled
migration"));
> goto cleanup;
>
Okay, I managed to reproduce the problem and this fixes it,
ACK,
Thanks; pushed with this commit message:
commit e6b8bc812af254f2ec6321b3cb7e9210b519deb0
Author: Eric Blake <eblake(a)redhat.com>
Date: Mon Aug 29 17:31:42 2011 -0600
qemu: properly label outgoing pipe for tunneled migration
Commit 3261761 made it possible to use pipes instead of sockets
for outgoing tunneled migration; however, it caused a regression
because the pipe was never given a SELinux label.
* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org