[libvirt] [PATCH] Set security label on FD for virDomainOpenGraphics

Thu Aug 22 11:52:17 UTC 2013

On 22.08.2013 13:39, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> The virDomainOpenGraphics method accepts a UNIX socket FD from
> the client app. It must set the label on this FD otherwise QEMU
> will be prevented from receiving it with recvmsg.
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>

(*)

> ---
>  src/qemu/qemu_driver.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 5124f27..0a8e518 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -14777,6 +14777,10 @@ qemuDomainOpenGraphics(virDomainPtr dom,
>          goto cleanup;
>      }
>  
> +    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
> +                                          fd) < 0)
> +        goto cleanup;
> +
>      if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
>          goto cleanup;
>      qemuDomainObjEnterMonitor(driver, vm);
> 

ACK

Michal

* Side note - I've noticed more and more signed-off patches. Does this
mean we are seamlessly moving to make it a standard?