[libvirt] [PATCH v3 0/3] Correctly label migration TCP socket
Jiri Denemark
jdenemar at redhat.com
Fri Aug 26 08:23:45 UTC 2011
With current libvirt and qemu, migration is not working if SELinux is in
enforcing mode, since the TCP socket we pass to qemu is not labeled in a way
that would allow qemu to read from it.
After this patchset, migration works even in enforcing mode.
Jiri Denemark (3):
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
security: Introduce SetSocketLabel
qemu: Correctly label migration TCP socket
src/libvirt_private.syms | 1 +
src/qemu/qemu_migration.c | 5 +++-
src/qemu/qemu_process.c | 3 +-
src/security/security_dac.c | 11 +++++++++-
src/security/security_driver.h | 3 ++
src/security/security_manager.c | 10 +++++++++
src/security/security_manager.h | 2 +
src/security/security_nop.c | 7 ++++++
src/security/security_selinux.c | 42 +++++++++++++++++++++++++++++++++++++-
src/security/security_stack.c | 17 +++++++++++++++
10 files changed, 96 insertions(+), 5 deletions(-)
--
1.7.6.1
More information about the libvir-list
mailing list