[libvirt] [PATCH v3 3/3] qemu: Correctly label migration TCP socket
Daniel Veillard
veillard at redhat.com
Fri Aug 26 09:00:55 UTC 2011
On Fri, Aug 26, 2011 at 10:23:48AM +0200, Jiri Denemark wrote:
> ---
> Notes:
> Version 3:
> - use virSecurityManagerSetSocketLabel/virSecurityManagerClearSocketLabel
> pair around virNetSocketNewConnectTCP to label the newly created socket
> with svirt_t
>
> Version 2:
> - use virSecurityManagerSetProcessFDLabel instead of
> virSecurityManagerSetImageFDLabel since the correct label for
> TCP sockets appears to be svirt_t and not svirt_image_t
>
> src/qemu/qemu_migration.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index a38c0d9..3818d71 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -1624,11 +1624,14 @@ static int doNativeMigrate(struct qemud_driver *driver,
> virReportOOMError();
> goto cleanup;
> }
> + if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0)
> + goto cleanup;
> if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) {
> spec.dest.fd.qemu = virNetSocketDupFD(sock, true);
> virNetSocketFree(sock);
> }
> - if (spec.dest.fd.qemu == -1)
> + if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 ||
> + spec.dest.fd.qemu == -1)
> goto cleanup;
> } else {
> spec.destType = MIGRATION_DEST_HOST;
ACK now, I feel more confident it it :-)
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list