[libvirt] [PATCH] migration: do not restore labels on failed migration
Eric Blake
eblake at redhat.com
Wed Aug 21 14:12:01 UTC 2013
On 08/21/2013 06:54 AM, Daniel P. Berrange wrote:
> On Tue, Aug 20, 2013 at 04:46:47PM -0600, Eric Blake wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=822052
>>
>> When doing a live migration, if the destination fails for any
>> reason after the point in which files should be labeled, then
>> the cleanup of the destination would restore the labels to their
>> defaults, even though the source is still trying to continue
>> running with the image open. Bug 822052 mentioned one source
>> of live migration failure - a mismatch in SELinux virt_use_nfs
>> settings (on for source, off for destination); but I found other
>> situations that would also trigger it (for example, having a
>> graphics device tied to port 5999 on the source, and a different
>> domain on the destination already using that port, so that the
>> destination cannot reuse the port).
>>
>> In short, just as cleanup of the source on a successful migration
>> must not relabel files (because the destination would be crippled
>> by the relabel), cleanup of the destination on a failed migraion
>> must not relabel files (because the source would be crippled).
>>
>> * src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid
>> label restoration when cleaning up on failed migration.
>>
>> Signed-off-by: Eric Blake <eblake at redhat.com>
>> ---
>> src/qemu/qemu_process.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
>> index 31de759..d727fc4 100644
>> --- a/src/qemu/qemu_process.c
>> +++ b/src/qemu/qemu_process.c
>> @@ -3466,6 +3466,10 @@ int qemuProcessStart(virConnectPtr conn,
>> * restore any security label as we would overwrite labels
>> * we did not set. */
>> stop_flags = VIR_QEMU_PROCESS_STOP_NO_RELABEL;
>> + /* If we fail while doing incoming migration, then we must not
>> + * relabel, as the source is still using the files. */
>> + if (migrateFrom)
>> + stop_flags |= VIR_QEMU_PROCESS_STOP_MIGRATED;
>>
>> hookData.conn = conn;
>> hookData.vm = vm;
>
> ACK
Thanks; pushed.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130821/891fd8d4/attachment-0001.sig>
More information about the libvir-list
mailing list