[libvirt] [PATCH] qemu: fix regression with fd labeling on migration
Eric Blake
eblake at redhat.com
Tue Mar 29 13:14:19 UTC 2011
On 03/28/2011 08:33 PM, Daniel Veillard wrote:
> On Mon, Mar 28, 2011 at 04:33:58PM -0600, Eric Blake wrote:
>> My earlier testing for commit 34fa0de0 was done while starting
>> just-built libvirt from an unconfined_t shell, where the fds happened
>> to work when transferring to qemu. But when installed and run under
>> virtd_t, failure to label the raw file (with no compression) or the
>> pipe (with compression) triggers SELinux failures when passing fds
>> over SCM_RIGHTS to svirt_t qemu.
>>
>> * src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
>> FDs, make sure they are labeled.
>
> Based on the xplanations, that looks a reasonable patch,
>
> ACK,
Thanks; pushed. Here's hoping the SELinux policy can indeed be updated
to make testing this from unconfined context easier.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110329/0d8031ba/attachment-0001.sig>
More information about the libvir-list
mailing list