On 04/23/2012 08:49 PM, Eric Blake wrote: > This copies heavily from qemuDomainSnapshotCreateSingleDiskActive(), > in order to set the SELinux label, obtain locking manager lease, and > audit the fact that we hand a new file over to qemu. Alas, releasing > the lease and label at the end of the mirroring is a trickier > prospect (we would have to know the backing chain of both source and > destination, and be sure not to revoke rights to any part of the > chain that is shared), so for now, virDomainBlockJobAbort still > leaves things locked and labeled. > > * src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set up labeling. > ---
Given today's fix for snapshot, and that this code heavily copied from
snapshot, I will be squashing this in:
diff --git i/src/qemu/qemu_driver.c w/src/qemu/qemu_driver.c
index a2f88fd..da4ad7e 100644
--- i/src/qemu/qemu_driver.c
+++ w/src/qemu/qemu_driver.c
@@ -12031,6 +12031,7 @@ qemuDomainBlockCopy(virDomainPtr dom, const char
*path,
char *mirrorFormat = NULL;
char *origsrc = NULL;
char *origdriver = NULL;
+ virCgroupPtr cgroup = NULL;
/* Preliminaries: find the disk we are editing, sanity checks */
virCheckFlags(VIR_DOMAIN_BLOCK_REBASE_SHALLOW |
@@ -12049,6 +12050,13 @@ qemuDomainBlockCopy(virDomainPtr dom, const
char *path,
_("domain is not running"));
goto cleanup;
}
+ if (qemuCgroupControllerActive(driver,
VIR_CGROUP_CONTROLLER_DEVICES) &&
+ virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0)) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to find cgroup for %s"),
+ vm->def->name);
+ goto cleanup;
+ }
device = qemuDiskPathToAlias(vm, path, &idx);
if (!device) {
@@ -12154,8 +12162,15 @@ qemuDomainBlockCopy(virDomainPtr dom, const
char *path,
if (virDomainLockDiskAttach(driver->lockManager, vm, disk) < 0)
goto endjob;
+ if (cgroup && qemuSetupDiskCgroup(driver, vm, cgroup, disk) < 0) {
+ if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
+ VIR_WARN("Unable to release lock on %s", dest);
+ goto cleanup;
+ }
if (virSecurityManagerSetImageLabel(driver->securityManager, vm->def,
disk) < 0) {
+ if (cgroup && qemuTeardownDiskCgroup(driver, vm, cgroup, disk) < 0)
+ VIR_WARN("Failed to teardown cgroup for disk path %s", dest);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", dest);
goto endjob;
@@ -12167,6 +12182,8 @@ qemuDomainBlockCopy(virDomainPtr dom, const char
*path,
virDomainAuditDisk(vm, NULL, dest, "mirror", ret >= 0);
qemuDomainObjExitMonitorWithDriver(driver, vm);
if (ret < 0) {
+ if (cgroup && qemuTeardownDiskCgroup(driver, vm, cgroup, disk) < 0)
+ VIR_WARN("Failed to teardown cgroup for disk path %s", dest);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", dest);
@@ -12202,6 +12219,8 @@ endjob:
}
cleanup:
+ if (cgroup)
+ virCgroupFree(&cgroup);
VIR_FREE(device);
if (vm)
virDomainObjUnlock(vm);
--
Eric Blake [email protected] +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
