[PATCH 6/6] qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument

Erik Skultety eskultet at redhat.com
Thu Jun 18 09:03:01 UTC 2020


On Wed, Jun 17, 2020 at 01:35:40PM +0200, Michal Privoznik wrote:
> In a few cases we might set seclabels on a path outside of
> namespaces. For instance, when restoring a domain from a file,
> the file is opened, relabelled and only then the namespace is
> created and the FD is passed to QEMU (see v6.3.0-rc1~108 for more
> info). Therefore, when restoring the label on the restore file,
> we must ignore domain namespaces and restore the label directly
> in the host.
>
> This bug demonstrates itself when restoring a domain from a block
> device. We don't create the block device inside the domain
> namespace and thus the following error is reported at the end of
> (otherwise successful) restore:
>
> error : virProcessRunInFork:1236 : internal error: child reported (status=125): unable to stat: /dev/sda: No such file or directory
> error : virProcessRunInFork:1240 : unable to stat: /dev/sda: No such file or directory
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
Reviewed-by: Erik Skultety <eskultet at redhat.com>



