[PATCH v2 00/10] qemu: Fix image labels lost after migration with shared fs
Peng Liang
liangpeng10 at huawei.com
Mon Oct 11 12:00:38 UTC 2021
This is v2 of:
https://listman.redhat.com/archives/libvir-list/2021-August/msg00698.html
When migrating using shared fs, the dst host will remember the image
labels again before launching the VM and the src host will remove the
image labels after migration. It leads to that the image labels lost
after migration.
Patch 8-10 are the real fix patches.
v1 -> v2:
1. fix check of virFileIsSharedFS in patch10 (patch9 in v1) [Michal]
2. add implementation of SELinux (patch5, 7, 8) [Michal]
Peng Liang (10):
security: add virSecurityUpdateTimestampIfexists
security: add virSecurityManagerUpdateImageLabel
security: implement domainUpdateSecurityImageLabel for stack
security: implement domainUpdateSecurityImageLabel for DAC
security: implement domainUpdateSecurityImageLabel for SELinux
qemu: add qemuSecurityUpdateImageLabel
security: rename 2 functions in DAC and SELinux
security: don't remember image labels when migrating with shared fs
migration: don't remove image labels after migration
migration: update image labels in dst after migration
src/libvirt_private.syms | 1 +
src/qemu/qemu_migration.c | 12 +++++++
src/qemu/qemu_process.c | 5 ++-
src/qemu/qemu_security.c | 10 ++++++
src/qemu/qemu_security.h | 5 +++
src/security/security_dac.c | 58 ++++++++++++++++++++++++--------
src/security/security_driver.h | 5 +++
src/security/security_manager.c | 29 ++++++++++++++++
src/security/security_manager.h | 5 +++
src/security/security_selinux.c | 59 +++++++++++++++++++++++++--------
src/security/security_stack.c | 20 +++++++++++
src/security/security_util.c | 32 ++++++++++++++++++
src/security/security_util.h | 4 +++
13 files changed, 218 insertions(+), 27 deletions(-)
--
2.31.1
More information about the libvir-list
mailing list