[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCHv5 00/13] outgoing fd: migration and virFileOpenAs

This addresses the comments raised during v4:
More comments in individual patches.

It could still use a bit more testing with root-squash NFS, and I'm
also hitting a problem where if I run daemon/libvirtd myself, I
get a SELinux error:

error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c80,c237' on fd 23: Permission denied

but if I run the system service libvirtd or SELinux permissive, things
work.  Somehow, the attempt to set the fd SELinux label on a pipe is
not working when libvirt is started as an unconfined process (that is,
the fd has label
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023) but when
started as a daemon, SELinux is happy to allow the transition.  I
suspect that this is a bug in SELinux, since my understanding is that
it should always be possible to go from unconfined to something more
restrictive, but we already proved that SELinux fd labelling is
relatively unused and untested back when we first added it in commit

If possible, I'd like to get this in before the 0.9.0 freeze, and we
can fix any fallout from testing during the freeze week.

Eric Blake (13):
  util: allow clearing cloexec bit
  qemu: fix restoring a compressed save image
  qemu: allow simple domain save to use fd: protocol
  util: use SCM_RIGHTS in virFileOperation when needed
  qemu: simplify domain save fd handling
  storage: simplify fd handling
  util: rename virFileOperation to virFileOpenAs
  util: adjust indentation in previous patch
  qemu, storage: improve type safety
  qemu: use common API for reading difficult files
  qemu: consolidate migration to file code
  qemu: skip granting access during fd migration
  qemu: support fd: migration with compression

 src/libvirt_private.syms      |    3 +-
 src/qemu/qemu_command.c       |   16 ++
 src/qemu/qemu_driver.c        |  500 +++++++++--------------------------------
 src/qemu/qemu_migration.c     |  139 ++++++++++++
 src/qemu/qemu_migration.h     |    8 +
 src/storage/storage_backend.c |   78 ++++---
 src/util/util.c               |  176 ++++++++++-----
 src/util/util.h               |   16 +-
 tests/qemuxml2argvtest.c      |    2 +-
 9 files changed, 448 insertions(+), 490 deletions(-)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]