[PATCH] qemu: backup: Restore security label on backup disk store image on VM termination
Michal Privoznik
mprivozn at redhat.com
Fri Mar 19 12:33:46 UTC 2021

On 3/18/21 5:46 PM, Peter Krempa wrote:
> When the backup job is terminated normally the security label is
> restored by the blockjob finishing handler.
>
> If the VM dies or is destroyed that wouldn't happen as the blockjob
> handler wouldn't be called.
>
> Restore the security label on disk store where we remember that the job
> was running at the point when 'qemuBackupJobTerminate' was called.
>
> Not resetting the security label means that we also leak the xattr
> attributes remembering the label which prevents any further use of the
> file, which is a problem for block devices.
>
> This also requires that the call to 'qemuBackupJobTerminate' from
> 'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise
> the security subdrivers attempt to enter the process namespace which
> fails if the process isn't running any more.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> src/qemu/qemu_backup.c | 36 ++++++++++++++++++++++++++----------
> src/qemu/qemu_process.c | 8 ++++----
> 2 files changed, 30 insertions(+), 14 deletions(-)

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

Michal