提交 86032b22 编写于 作者: M Michal Privoznik

qemu: Don't overwrite security labels

Currently, if qemuProcessStart fail at some point, e.g. because
domain being started wants a PCI/USB device already assigned to
a different domain, we jump to cleanup label where qemuProcessStop
is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
which is wrong because the other domain is still using those devices.

However, once we successfully label all devices/paths in
qemuProcessStart() from that point on, we have to perform a rollback
on failure - that is - we have to virSecurityManagerRestoreAllLabel.
上级 69dd7714
...@@ -3281,6 +3281,7 @@ int qemuProcessStart(virConnectPtr conn, ...@@ -3281,6 +3281,7 @@ int qemuProcessStart(virConnectPtr conn,
int i; int i;
char *nodeset = NULL; char *nodeset = NULL;
char *nodemask = NULL; char *nodemask = NULL;
unsigned int stop_flags;
/* Okay, these are just internal flags, /* Okay, these are just internal flags,
* but doesn't hurt to check */ * but doesn't hurt to check */
...@@ -3288,6 +3289,12 @@ int qemuProcessStart(virConnectPtr conn, ...@@ -3288,6 +3289,12 @@ int qemuProcessStart(virConnectPtr conn,
VIR_QEMU_PROCESS_START_PAUSED | VIR_QEMU_PROCESS_START_PAUSED |
VIR_QEMU_PROCESS_START_AUTODESROY, -1); VIR_QEMU_PROCESS_START_AUTODESROY, -1);
/* From now on until domain security labeling is done:
* if any operation fails and we goto cleanup, we must not
* restore any security label as we would overwrite labels
* we did not set. */
stop_flags = VIR_QEMU_PROCESS_STOP_NO_RELABEL;
hookData.conn = conn; hookData.conn = conn;
hookData.vm = vm; hookData.vm = vm;
hookData.driver = driver; hookData.driver = driver;
...@@ -3631,6 +3638,12 @@ int qemuProcessStart(virConnectPtr conn, ...@@ -3631,6 +3638,12 @@ int qemuProcessStart(virConnectPtr conn,
vm->def, stdin_path) < 0) vm->def, stdin_path) < 0)
goto cleanup; goto cleanup;
/* Security manager labeled all devices, therefore
* if any operation from now on fails and we goto cleanup,
* where virSecurityManagerRestoreAllLabel() is called
* (hidden under qemuProcessStop) we need to restore labels. */
stop_flags &= ~VIR_QEMU_PROCESS_STOP_NO_RELABEL;
if (stdin_fd != -1) { if (stdin_fd != -1) {
/* if there's an fd to migrate from, and it's a pipe, put the /* if there's an fd to migrate from, and it's a pipe, put the
* proper security label on it * proper security label on it
...@@ -3770,7 +3783,7 @@ cleanup: ...@@ -3770,7 +3783,7 @@ cleanup:
VIR_FREE(nodemask); VIR_FREE(nodemask);
virCommandFree(cmd); virCommandFree(cmd);
VIR_FORCE_CLOSE(logfile); VIR_FORCE_CLOSE(logfile);
qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, 0); qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, stop_flags);
return -1; return -1;
} }
...@@ -3983,10 +3996,11 @@ void qemuProcessStop(struct qemud_driver *driver, ...@@ -3983,10 +3996,11 @@ void qemuProcessStop(struct qemud_driver *driver,
VIR_FREE(xml); VIR_FREE(xml);
} }
/* Reset Security Labels */ /* Reset Security Labels unless caller don't want us to */
virSecurityManagerRestoreAllLabel(driver->securityManager, if (!(flags & VIR_QEMU_PROCESS_STOP_NO_RELABEL))
vm->def, virSecurityManagerRestoreAllLabel(driver->securityManager,
flags & VIR_QEMU_PROCESS_STOP_MIGRATED); vm->def,
flags & VIR_QEMU_PROCESS_STOP_MIGRATED);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def); virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */ /* Clear out dynamically assigned labels */
......
...@@ -61,7 +61,8 @@ int qemuProcessStart(virConnectPtr conn, ...@@ -61,7 +61,8 @@ int qemuProcessStart(virConnectPtr conn,
unsigned int flags); unsigned int flags);
typedef enum { typedef enum {
VIR_QEMU_PROCESS_STOP_MIGRATED = 1 << 0, VIR_QEMU_PROCESS_STOP_MIGRATED = 1 << 0,
VIR_QEMU_PROCESS_STOP_NO_RELABEL = 1 << 1,
} qemuProcessStopFlags; } qemuProcessStopFlags;
void qemuProcessStop(struct qemud_driver *driver, void qemuProcessStop(struct qemud_driver *driver,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册