Re: [libvirt] [PATCH] qemu: Label correct per-VM path when starting
On Tue, Aug 25, 2015 at 11:53:15AM +0200, Martin Kletzander wrote: Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name() event though it was not needed in the latest version, hence labelling directory one level up in the tree and not the one it should. If anyone with SElinux managed to try run a domain with guest agent set up, it's highly possible that they will need to run 'restorecon -F /var/lib/libvirt/qemu/channel/target' to fix what was done. Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_process.c | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) ACK Pavel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: Label correct per-VM path when starting
On 08/25/2015 05:53 PM, Martin Kletzander wrote: Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name() event though it was not needed in the latest version, hence labelling directory one level up in the tree and not the one it should. If anyone with SElinux managed to try run a domain with guest agent set up, it's highly possible that they will need to run 'restorecon -F /var/lib/libvirt/qemu/channel/target' to fix what was done. I have test it and this patch can fix the problem which will make guest cannot start on my machine. Luyao -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: Label correct per-VM path when starting
Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name() event though it was not needed in the latest version, hence labelling directory one level up in the tree and not the one it should. If anyone with SElinux managed to try run a domain with guest agent set up, it's highly possible that they will need to run 'restorecon -F /var/lib/libvirt/qemu/channel/target' to fix what was done. Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_process.c | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 93ccd2a706b9..f7eb2b609437 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -46,7 +46,6 @@ #include cpu/cpu.h #include datatypes.h -#include dirname.h #include virlog.h #include virerror.h #include viralloc.h @@ -4390,7 +4389,7 @@ int qemuProcessStart(virConnectPtr conn, unsigned int hostdev_flags = 0; size_t nnicindexes = 0; int *nicindexes = NULL; -char *tmppath = NULL, *tmpdirpath = NULL; +char *tmppath = NULL; VIR_DEBUG(vm=%p name=%s id=%d asyncJob=%d migrateFrom=%s stdin_fd=%d stdin_path=%s snapshot=%p vmop=%d flags=0x%x, @@ -4738,15 +4737,11 @@ int qemuProcessStart(virConnectPtr conn, if (virFileMakePath(tmppath) 0) goto cleanup; -if (!(tmpdirpath = mdir_name(tmppath))) -goto cleanup; - if (virSecurityManagerDomainSetDirLabel(driver-securityManager, -vm-def, tmpdirpath) 0) +vm-def, tmppath) 0) goto cleanup; VIR_FREE(tmppath); -VIR_FREE(tmpdirpath); if (virAsprintf(tmppath, %s/domain-%s, cfg-channelTargetDir, vm-def-name) 0) @@ -4755,14 +4750,10 @@ int qemuProcessStart(virConnectPtr conn, if (virFileMakePath(tmppath) 0) goto cleanup; -if (!(tmpdirpath = mdir_name(tmppath))) -goto cleanup; - if (virSecurityManagerDomainSetDirLabel(driver-securityManager, -vm-def, tmpdirpath) 0) +vm-def, tmppath) 0) goto cleanup; -VIR_FREE(tmpdirpath); VIR_FREE(tmppath); /* now that we know it is about to start call the hook if present */ @@ -5119,7 +5110,6 @@ int qemuProcessStart(virConnectPtr conn, * if we failed to initialize the now running VM. kill it off and * pretend we never started it */ VIR_FREE(tmppath); -VIR_FREE(tmpdirpath); VIR_FREE(nodeset); virCommandFree(cmd); VIR_FORCE_CLOSE(logfile); -- 2.5.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: Label correct per-VM path when starting
On Tue, Aug 25, 2015 at 11:53:15AM +0200, Martin Kletzander wrote: Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name() event though it was not needed in the latest version, hence labelling directory one level up in the tree and not the one it should. If anyone with SElinux managed to try run a domain with guest agent set up, it's highly possible that they will need to run 'restorecon -F /var/lib/libvirt/qemu/channel/target' to fix what was done. I forgot to add: Reported-by: Luyao Huang lhu...@redhat.com Signed-off-by: Martin Kletzander mklet...@redhat.com --- src/qemu/qemu_process.c | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 93ccd2a706b9..f7eb2b609437 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -46,7 +46,6 @@ #include cpu/cpu.h #include datatypes.h -#include dirname.h #include virlog.h #include virerror.h #include viralloc.h @@ -4390,7 +4389,7 @@ int qemuProcessStart(virConnectPtr conn, unsigned int hostdev_flags = 0; size_t nnicindexes = 0; int *nicindexes = NULL; -char *tmppath = NULL, *tmpdirpath = NULL; +char *tmppath = NULL; VIR_DEBUG(vm=%p name=%s id=%d asyncJob=%d migrateFrom=%s stdin_fd=%d stdin_path=%s snapshot=%p vmop=%d flags=0x%x, @@ -4738,15 +4737,11 @@ int qemuProcessStart(virConnectPtr conn, if (virFileMakePath(tmppath) 0) goto cleanup; -if (!(tmpdirpath = mdir_name(tmppath))) -goto cleanup; - if (virSecurityManagerDomainSetDirLabel(driver-securityManager, -vm-def, tmpdirpath) 0) +vm-def, tmppath) 0) goto cleanup; VIR_FREE(tmppath); -VIR_FREE(tmpdirpath); if (virAsprintf(tmppath, %s/domain-%s, cfg-channelTargetDir, vm-def-name) 0) @@ -4755,14 +4750,10 @@ int qemuProcessStart(virConnectPtr conn, if (virFileMakePath(tmppath) 0) goto cleanup; -if (!(tmpdirpath = mdir_name(tmppath))) -goto cleanup; - if (virSecurityManagerDomainSetDirLabel(driver-securityManager, -vm-def, tmpdirpath) 0) +vm-def, tmppath) 0) goto cleanup; -VIR_FREE(tmpdirpath); VIR_FREE(tmppath); /* now that we know it is about to start call the hook if present */ @@ -5119,7 +5110,6 @@ int qemuProcessStart(virConnectPtr conn, * if we failed to initialize the now running VM. kill it off and * pretend we never started it */ VIR_FREE(tmppath); -VIR_FREE(tmpdirpath); VIR_FREE(nodeset); virCommandFree(cmd); VIR_FORCE_CLOSE(logfile); -- 2.5.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
