On Tue, Apr 08, 2014 at 09:11:33AM -0400, Shivaprasad G Bhat wrote: > > The file handle passed from libvirt to qemu is not set to the context of > the > guest. So, set the selinux context of fd before passing it to qemu > > Signed-off-by: Shivaprasad G Bhat&lt;sbhat(a)linux.vnet.ibm.com&gt; > --- > src/qemu/qemu_driver.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index 4bb4819..8cf3666 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -5522,6 +5522,9 @@ qemuDomainRestoreFlags(virConnectPtr conn, > goto cleanup; > def = NULL; > > + if (virSecurityManagerSetImageFDLabel(driver->securityManager, > vm->def, fd) < 0) > + goto cleanup; > + > if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) > goto cleanup; > > What is the particular problem you are trying to fix, how do you reproduce the issue? Have a look at 'git log --format=oneline', for example, to see how to format commit message subject. In most cases We tend to describe the change being done, not a problem that exists (and shouldn't after the commit is applied). I'd suggest using "qemu: Properly label FDs when restoring domain with static label" for example. You are duplicating the code we have in place already, just the condition is wrong probably (see qemuProcessStart(), virSecurityManagerSetImageFDLabel() is called when there is stdin_fd (the same fd you have in qemuDomainRestore{,Flags}) and it's a pipe (that's probably the root cause). Fixing it there will make it work in qemuDomainRestore() as well as qemuDomainRestoreFlags() and any other function we will call qemuProcessStart() in. Martin