提交 16fb3c8b 编写于 作者: M Michal Privoznik

qemu_blockjob: Remove secdriver metadata more frequently

If a block job reaches failed/cancelled state, or is completed
without pivot then we must remove security driver metadata
associated to the backing chain so that we don't leave any
metadata behind.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741456
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
上级 7f99d8a7
...@@ -659,7 +659,23 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver, ...@@ -659,7 +659,23 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
disk->src = disk->mirror; disk->src = disk->mirror;
} else { } else {
if (disk->mirror) { if (disk->mirror) {
virStorageSourcePtr n;
virDomainLockImageDetach(driver->lockManager, vm, disk->mirror); virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
/* Ideally, we would restore seclabels on the backing chain here
* but we don't know if somebody else is not using parts of it.
* Remove security driver metadata so that they are not leaked. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror); virObjectUnref(disk->mirror);
} }
} }
...@@ -728,7 +744,23 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver, ...@@ -728,7 +744,23 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver,
case VIR_DOMAIN_BLOCK_JOB_FAILED: case VIR_DOMAIN_BLOCK_JOB_FAILED:
case VIR_DOMAIN_BLOCK_JOB_CANCELED: case VIR_DOMAIN_BLOCK_JOB_CANCELED:
if (disk->mirror) { if (disk->mirror) {
virStorageSourcePtr n;
virDomainLockImageDetach(driver->lockManager, vm, disk->mirror); virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
/* Ideally, we would restore seclabels on the backing chain here
* but we don't know if somebody else is not using parts of it.
* Remove security driver metadata so that they are not leaked. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror); virObjectUnref(disk->mirror);
disk->mirror = NULL; disk->mirror = NULL;
} }
...@@ -1128,16 +1160,33 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDriverPtr driver, ...@@ -1128,16 +1160,33 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDriverPtr driver,
static void static void
qemuBlockJobProcessEventFailedActiveCommit(virDomainObjPtr vm, qemuBlockJobProcessEventFailedActiveCommit(virQEMUDriverPtr driver,
virDomainObjPtr vm,
qemuBlockJobDataPtr job) qemuBlockJobDataPtr job)
{ {
virDomainDiskDefPtr disk = job->disk;
virStorageSourcePtr n;
VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->def->name); VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->def->name);
if (!job->disk) if (!disk)
return; return;
virObjectUnref(job->disk->mirror); /* Ideally, we would make the backing chain read only again (yes, SELinux
job->disk->mirror = NULL; * can do that using different labels). But that is not implemented yet and
* not leaking security driver metadata is more important. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror);
disk->mirror = NULL;
} }
...@@ -1231,7 +1280,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBlockJobDataPtr job, ...@@ -1231,7 +1280,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBlockJobDataPtr job,
break; break;
case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT:
qemuBlockJobProcessEventFailedActiveCommit(vm, job); qemuBlockJobProcessEventFailedActiveCommit(driver, vm, job);
break; break;
case QEMU_BLOCKJOB_TYPE_CREATE: case QEMU_BLOCKJOB_TYPE_CREATE:
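Review bot: The VIR_WARN inside each new loop reports `disk->src->path`, but the image whose metadata removal failed is the chain element `n`, which starts at `disk->mirror`. On failure the log therefore points an operator at the wrong file when they check for leftover security-driver metadata. Pass `NULLSTR(n->path),` instead, in qemuBlockJobEventProcessLegacyCompleted, qemuBlockJobEventProcessLegacy and qemuBlockJobProcessEventFailedActiveCommit. Because the loop and its comment are repeated almost verbatim at all three sites, a small static helper taking `driver`, `vm` and `disk` would keep the cleanup paths from drifting apart. The first two functions start and end outside their hunks, so the surrounding handling of `disk->mirror` could not be checked here.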