[libvirt] [PATCH] Fix sec label setup when attaching to QEMU processes

[Daniel P. Berrange]

When attaching to a QEMU process, the def->seclabels array is
going to be empty. The qemuProcessAttach method must thus
populate it with data for the security drivers.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/qemu/qemu_process.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1f00840..7d41c93 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4479,6 +4479,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
     virDomainPausedReason reason;
     virSecurityLabelPtr seclabel = NULL;
     virSecurityLabelDefPtr seclabeldef = NULL;
+    bool seclabelgen = false;
     virSecurityManagerPtr* sec_managers = NULL;
     const char *model;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
@@ -4529,10 +4530,16 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         goto error;
 
     for (i = 0; sec_managers[i]; i++) {
+        seclabelgen = false;
+        VIR_ERROR("Iter %zu", i);
         model = virSecurityManagerGetModel(sec_managers[i]);
         seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
-        if (seclabeldef == NULL)
-            goto error;
+        VIR_ERROR("model %s def %p", model, seclabeldef);
+        if (seclabeldef == NULL) {
+            if (!(seclabeldef = virDomainDefGenSecurityLabelDef(model)))
+                goto error;
+            seclabelgen = true;
+        }
         seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC;
         if (VIR_ALLOC(seclabel) < 0)
             goto error;
@@ -4546,6 +4553,12 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         if (VIR_STRDUP(seclabeldef->label, seclabel->label) < 0)
             goto error;
         VIR_FREE(seclabel);
+
+        if (seclabelgen) {
+            if (VIR_APPEND_ELEMENT(vm->def->seclabels, vm->def->nseclabels, seclabeldef) < 0)
+                goto error;
+            seclabelgen = false;
+        }
     }
 
     VIR_DEBUG("Creating domain log file");
@@ -4692,6 +4705,8 @@ error:
     VIR_FORCE_CLOSE(logfile);
     VIR_FREE(seclabel);
     VIR_FREE(sec_managers);
+    if (seclabelgen)
+        virSecurityLabelDefFree(seclabeldef);
     virDomainChrSourceDefFree(monConfig);
     virObjectUnref(cfg);
     virObjectUnref(caps);
-- 
1.8.5.3