On Fri, May 20, 2011 at 03:40:35PM +0100, Daniel P. Berrange wrote:
> I think we likely need /var/cache/libvirt to be 0711 so that
> QEMU can access directories below it, but not actually read it.

0711 does indeed work fine. However, where/what sets this?

> Oh, there is a bogus 'if (dom) virDomainFree(dom)' call in the
> remote dispatcher remoteDispatchDomainMemoryPeek

Ah, well spotted! The attached patch does indeed remove the
warning/error.

> We will also need to set the SELinux context on the file. So instead
> of directly using chown, we need to call
>
>   virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);

OK, this works -- see updated patch attached.

> and after the monitor command completes, run
>
>   virSecurityManagerRestoreSavedStateLabel(qemu_driver->securityManager, vm, tmp);

This says:

15:52:28.144: 11128: warning : SELinuxRestoreSecurityFileLabel:460 : cannot lookup default selinux label for /var/cache/libvirt/qemu/qemu.mem.Cjn86L

Is it really necessary to restore the label for a file we're going
to delete?

Rich.

--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v