[libvirt] [PATCH 2/2] qemu: don't relabel chardev source file if virtlogd is used

Martin Kletzander mkletzan at redhat.com
Tue May 23 14:25:01 UTC 2017 

On Mon, May 15, 2017 at 04:28:35PM +0200, Pavel Hrdina wrote:
>If libvirt uses virtlogd instead of passing the file path directly
>to QEMU we shouldn't relabel the chardev source file, otherwise
>virtlogd will get a permission denied while reloading.
>
>Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=143098
>

You missed a digit and I'm too lazy to check 10 bugs for a reproducer ;)

>Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
>---
> src/conf/domain_conf.c          | 20 ++++++++++++++++++++
> src/conf/domain_conf.h          |  1 +
> src/qemu/qemu_command.c         | 12 ++++++++----
> src/security/security_dac.c     |  6 ++++++
> src/security/security_selinux.c |  6 ++++++
> 5 files changed, 41 insertions(+), 4 deletions(-)
>

I see you are changing the parser code, but you are not changing the
Relax-NG schema, neither any test.

>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>index aa441fae3c..92f011d3a4 100644
>--- a/src/conf/domain_conf.c
>+++ b/src/conf/domain_conf.c
>@@ -2064,6 +2064,7 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr dest,
>     }
>
>     dest->type = src->type;
>+    dest->skipRelabel = src->skipRelabel;
>
>     return 0;
> }
>@@ -10608,6 +10609,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
>     char *append = NULL;
>     char *haveTLS = NULL;
>     char *tlsFromConfig = NULL;
>+    char *skipRelabel = NULL;
>     int remaining = 0;
>
>     while (cur != NULL) {
>@@ -10628,6 +10630,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
>                 case VIR_DOMAIN_CHR_TYPE_UNIX:
>                     if (!append && def->type == VIR_DOMAIN_CHR_TYPE_FILE)
>                         append = virXMLPropString(cur, "append");
>+                    if (!skipRelabel && def->type == VIR_DOMAIN_CHR_TYPE_FILE)
>+                        skipRelabel = virXMLPropString(cur, "skipRelabel");

I'm guessing you want to keep this away from users, right?  You should
not be parsing it from the XML then.  Or you should add a thing there
that the XML supports.  Not just a random attribute.

Either keep this data in private structure or even better, just add the
same thing as you would do with:

  <seclabel relabel="no"/>

with all the details of course.  The user can see it, can supply it, old
releases support it, all the stuff is there already.

I'm open to suggestions, but NACK to random "wannabe private" attributes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170523/13dd9713/attachment-0001.sig>

More information about the libvir-list mailing list