[libvirt] [PATCH 01/11] qemuDomainAttachSCSIVHostDevice: Prefer qemuSecurity wrappers

Peter Krempa pkrempa at redhat.com
Wed Feb 8 12:58:43 UTC 2017 

On Wed, Feb 08, 2017 at 11:37:04 +0100, Michal Privoznik wrote:
> Since we have qemuSecurity wrappers over
> virSecurityManagerSetHostdevLabel and
> virSecurityManagerRestoreHostdevLabel we ought to use them
> instead of calling secdriver APIs directly.

Also it possibly would be worth mentioning that without those wrappers
the labelling won't be done in the correct namespace and thus won't
apply to the nodes seen by qemu itself.

I presume that that bug actually motivated you do do so.

> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/qemu/qemu_hotplug.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index e272df356..dd6e31823 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -2552,8 +2552,7 @@ qemuDomainAttachSCSIVHostDevice(virQEMUDriverPtr driver,
>          goto cleanup;
>      teardowncgroup = true;
>  
> -    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
> -                                          vm->def, hostdev, NULL) < 0)
> +    if (qemuSecuritySetHostdevLabel(driver, vm, hostdev) < 0)
>          goto cleanup;
>      teardownlabel = true;
>  
> @@ -2612,8 +2611,7 @@ qemuDomainAttachSCSIVHostDevice(virQEMUDriverPtr driver,
>          if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
>              VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
>          if (teardownlabel &&
> -            virSecurityManagerRestoreHostdevLabel(driver->securityManager,
> -                                                  vm->def, hostdev, NULL) < 0)
> +            qemuSecurityRestoreHostdevLabel(driver, vm, hostdev) < 0)
>              VIR_WARN("Unable to restore host device labelling on hotplug fail");
>          if (releaseaddr)
>              qemuDomainReleaseDeviceAddress(vm, hostdev->info, NULL);

ACK with commit message fixed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170208/77e1f7fc/attachment-0001.sig>

More information about the libvir-list mailing list