[libvirt] [PATCH] Set security label on FD for virDomainOpenGraphics
Michal Privoznik
mprivozn at redhat.com
Thu Aug 22 11:52:17 UTC 2013
On 22.08.2013 13:39, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> The virDomainOpenGraphics method accepts a UNIX socket FD from
> the client app. It must set the label on this FD otherwise QEMU
> will be prevented from receiving it with recvmsg.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
(*)
> ---
> src/qemu/qemu_driver.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 5124f27..0a8e518 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -14777,6 +14777,10 @@ qemuDomainOpenGraphics(virDomainPtr dom,
> goto cleanup;
> }
>
> + if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
> + fd) < 0)
> + goto cleanup;
> +
> if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
> goto cleanup;
> qemuDomainObjEnterMonitor(driver, vm);
>
ACK
Michal
* Side note - I've noticed more and more signed-off patches. Does this
mean we are seamlessly moving to make it a standard?
More information about the libvir-list
mailing list