[libvirt] [PATCH v3 3/3] qemu: Correctly label migration TCP socket
Daniel P. Berrange
berrange at redhat.com
Fri Aug 26 09:41:39 UTC 2011
On Fri, Aug 26, 2011 at 10:23:48AM +0200, Jiri Denemark wrote:
> ---
> Notes:
> Version 3:
> - use virSecurityManagerSetSocketLabel/virSecurityManagerClearSocketLabel
> pair around virNetSocketNewConnectTCP to label the newly created socket
> with svirt_t
>
> Version 2:
> - use virSecurityManagerSetProcessFDLabel instead of
> virSecurityManagerSetImageFDLabel since the correct label for
> TCP sockets appears to be svirt_t and not svirt_image_t
>
> src/qemu/qemu_migration.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index a38c0d9..3818d71 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -1624,11 +1624,14 @@ static int doNativeMigrate(struct qemud_driver *driver,
> virReportOOMError();
> goto cleanup;
> }
> + if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0)
> + goto cleanup;
> if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) {
> spec.dest.fd.qemu = virNetSocketDupFD(sock, true);
> virNetSocketFree(sock);
> }
> - if (spec.dest.fd.qemu == -1)
> + if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 ||
> + spec.dest.fd.qemu == -1)
> goto cleanup;
> } else {
> spec.destType = MIGRATION_DEST_HOST;
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list