• D
    Fix save and restore with non-privileged guests and SELinux · bc0010b3
    Daniel P. Berrange 提交于
    When running qemu:///system instance, libvirtd runs as root,
    but QEMU may optionally be configured to run non-root. When
    then saving a guest to a state file, the file is initially
    created as root, and thus QEMU cannot write to it. It is also
    missing labelling required to allow access via SELinux.
    
    * src/qemu/qemu_driver.c: Set ownership on save image before
      running migrate command in virDomainSave impl. Call out to
      security driver to set save image labelling
    * src/security/security_driver.h: Add driver APIs for setting
      and restoring saved state file labelling
    * src/security/security_selinux.c: Implement saved state file
      labelling for SELinux
    bc0010b3
security_selinux.c 19.9 KB