[libvirt] [PATCH] sec_manager: Refuse to start domain with unsupported seclabel
Michal Privoznik
mprivozn at redhat.com
Wed Apr 3 08:32:29 UTC 2013
On 02.04.2013 18:38, Eric Blake wrote:
> On 04/02/2013 10:07 AM, Michal Privoznik wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=947387
>>
>> If a user configures a domain to use a seclabel of a specific type,
>> but the appropriate driver is not accessible, we should refuse to
>> start the domain. For instance, if user requires selinux, but it is
>> either non present in the system, or is just disabled, we should not
>> start the domain. Moreover, since we are touching only those labels we
>> have a security driver for, the other labels may confuse libvirt when
>> reconnecting to a domain on libvirtd restart. In our selinux example,
>> when starting up a domain, missing security label is okay, as we
>> auto-generate one. But later, when libvirt is re-connecting to a live
>> qemu instance, we parse a state XML, where security label is required
>> and it is an error if missing:
>>
>> error : virSecurityLabelDefParseXML:3228 : XML error: security label
>> is missing
>>
>> This results in a qemu process left behind without any libvirt control.
>> ---
>> src/security/security_manager.c | 15 ++++++++++++++-
>> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> ACK.
>
Thanks, pushed.
Michal
More information about the libvir-list
mailing list