[PATCH v2] selinux label: restore all labels when some labels fail to set
Jin Yan
jinyan12 at huawei.com
Thu Nov 12 14:07:07 UTC 2020
When migration fails, qemuMigrationDstPrepareAny will call qemuProcessStop
to restore labels only after all labels are successfully set. If some labels
fail to set, the labels that have been set will not be restored.
Signed-off-by: Jin Yan <jinyan12 at huawei.com>
---
src/qemu/qemu_security.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3bda96272c..0cb90c840a 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -51,16 +51,24 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
incomingPath,
priv->chardevStdioLogd,
migrated) < 0)
- goto cleanup;
+ goto restorelabel;
if (virSecurityManagerTransactionCommit(driver->securityManager,
pid, priv->rememberOwner) < 0)
- goto cleanup;
+ goto restorelabel;
ret = 0;
+
cleanup:
virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
+
+ restorelabel:
+ virSecurityManagerRestoreAllLabel(driver->securityManager,
+ vm->def,
+ migrated,
+ priv->chardevStdioLogd);
+ goto cleanup;
}
--
2.23.0
More information about the libvir-list
mailing list