[libvirt] [RFC PATCH] Prevent defining a domain has disk used by other domain

Eric Blake eblake at redhat.com
Fri Sep 23 17:53:17 UTC 2011

On 09/23/2011 02:17 AM, Osier Yang wrote:
> Hmm, preventing the relabeling in security driver instead might be the
> more proper way? (If the disk source is used by other *running* domain,
> then quit relabeling and exit with error).

No, prevent the relabeling in the lock manager.  If one domain is
running and the lock manager is running, that should be sufficient to
prevent any other domain from starting with the same disk, even before
we get to the labeling point.

> However, this won't prevent one using same disk source for multiple domains
> if security_driver is disabled.
> And if security_driver is disabled, there will be no permission problem, all
> the domains can write to the same disk source, thus it might cause
> inconsistency
> between the domains or corrupt.
>> to see whether if the pricinple
>> is right or not.

The principle here is whether the lock manager is running.  Only if you
can still reproduce the problem with a lock manager (whether sanlock or
fcntl) do we have a bug to fix.

Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

More information about the libvir-list mailing list