blockjob: allow mirroring under SELinux and cgroup
Use the recent addition of qemuDomainPrepareDiskChainElement to obtain locking manager lease, permit a block device through cgroups, and set the SELinux label; then audit the fact that we hand a new file over to qemu. Alas, releasing the lease and label at the end of the mirroring is a trickier prospect (we would have to trace the backing chain of both source and destination, and be sure not to revoke rights to any part of the chain that is shared), so for now, virDomainBlockJobAbort still leaves things with additional access granted (as block-pull and block-commit have the same problem of not clamping access after completion, a future cleanup would cover all three commands). * src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set up labeling.
Showing
-
mentioned in commit 20326db6
-
mentioned in commit e22f1c2e
-
mentioned in commit 261679a8
-
mentioned in commit 17df6a9b
-
mentioned in commit 4fb55871
-
mentioned in commit 2a78c0f9
-
mentioned in commit 9bb60cb4
-
mentioned in commit f4a7efee
-
mentioned in commit e7ee7542
-
mentioned in commit 53bde6b7
-
mentioned in commit a103b53f
-
mentioned in commit a73122a4
-
mentioned in commit b7771f92
-
mentioned in commit b850e1a9
-
mentioned in commit 5b3af9c0
-
mentioned in commit 961758a1
想要评论请 注册 或 登录