[libvirt] [PATCH 6/6] qemu: Use fd: protocol for migration
Eric Blake
eblake at redhat.com
Tue Aug 30 15:22:05 UTC 2011
On 08/30/2011 08:49 AM, Daniel Veillard wrote:
>> I'm still testing this, but based on how we label the incoming pipe in
>> qemuProcessStart, I think this will solve the problem.
>>
>> diff --git i/src/qemu/qemu_migration.c w/src/qemu/qemu_migration.c
>> index a2dc97c..38b05a9 100644
>> --- i/src/qemu/qemu_migration.c
>> if (spec.dest.fd.qemu == -1 ||
>> - virSetCloseExec(spec.dest.fd.qemu)< 0 ||
>> - virSetCloseExec(spec.dest.fd.local)< 0) {
>> + virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
>> + spec.dest.fd.qemu)< 0) {
>> virReportSystemError(errno, "%s",
>> _("cannot create pipe for tunnelled migration"));
>> goto cleanup;
>>
>
> Okay, I managed to reproduce the problem and this fixes it,
>
> ACK,
Thanks; pushed with this commit message:
commit e6b8bc812af254f2ec6321b3cb7e9210b519deb0
Author: Eric Blake <eblake at redhat.com>
Date: Mon Aug 29 17:31:42 2011 -0600
qemu: properly label outgoing pipe for tunneled migration
Commit 3261761 made it possible to use pipes instead of sockets
for outgoing tunneled migration; however, it caused a regression
because the pipe was never given a SELinux label.
* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
More information about the libvir-list
mailing list