[libvirt] [PATCH v4] selinux: relabel tapfd in qemuPhysIfaceConnect
Guannan Ren
gren at redhat.com
Fri Oct 19 16:05:51 UTC 2012
On 10/19/2012 11:55 PM, Laine Stump wrote:
> On 10/19/2012 04:44 AM, Guannan Ren wrote:
>> Relabeling tapfd right after the tap device is created.
>> qemuPhysIfaceConnect is common function called both for static
>> netdevs and for hotplug netdevs.
>> ---
>> src/qemu/qemu_command.c | 18 ++++++++++++++----
>> 1 file changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 9096b3c..0623c58 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
>> vmop, driver->stateDir,
>> virDomainNetGetActualBandwidth(net));
>> if (rc >= 0) {
>> + if (virSecurityManagerSetTapFDLabel(driver->securityManager,
>> + def, rc) < 0)
>> + goto error;
>> +
>> virDomainAuditNetDevice(def, net, res_ifname, true);
>> VIR_FREE(net->ifname);
>> net->ifname = res_ifname;
>> }
>>
>> return rc;
>> +
>> +error:
>> + ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
>> + res_ifname, &net->mac,
>> + virDomainNetGetActualDirectDev(net),
>> + virDomainNetGetActualDirectMode(net),
>> + virDomainNetGetActualVirtPortProfile(net),
>> + driver->stateDir));
>> + VIR_FREE(res_ifname);
>> + return -1;
>> }
>>
>>
>> @@ -5446,10 +5460,6 @@ qemuBuildCommandLine(virConnectPtr conn,
>> if (tapfd < 0)
>> goto error;
>>
>> - if (virSecurityManagerSetTapFDLabel(driver->securityManager,
>> - def, tapfd) < 0)
>> - goto error;
>> -
>> last_good_net = i;
>> virCommandTransferFD(cmd, tapfd);
>>
> ACK.
Thanks and pushed.
Guannan
More information about the libvir-list
mailing list