selinux: relabel tapfd in qemuPhysIfaceConnect

Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs.

selinux: relabel tapfd in qemuPhysIfaceConnect
Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs.
4492ef7f · Guannan Ren · 8d75e47e · 4492ef7f
显示空白变更内容
内联并排

Showing with 14 addition and 4 deletion

src/qemu/qemu_command.c src/qemu/qemu_command.c +14 -4

未找到文件。
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
        vmop, driver->stateDir,
        virDomainNetGetActualBandwidth(net));
    if (rc >= 0) {
+        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                            def, rc) < 0)
+            goto error;
+
        virDomainAuditNetDevice(def, net, res_ifname, true);
        VIR_FREE(net->ifname);
        net->ifname = res_ifname;
    }

    return rc;
+
+error:
+    ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+                     res_ifname, &net->mac,
+                     virDomainNetGetActualDirectDev(net),
+                     virDomainNetGetActualDirectMode(net),
+                     virDomainNetGetActualVirtPortProfile(net),
+                     driver->stateDir));
+    VIR_FREE(res_ifname);
+    return -1;
 }


@@ -5446,10 +5460,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                if (tapfd < 0)
                    goto error;

-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                last_good_net = i;
                virCommandTransferFD(cmd, tapfd);