[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: Log error if domain uses security driver which is not loaded



On Tue, May 05, 2015 at 03:09:12PM +0200, Martin Kletzander wrote:
> On Tue, May 05, 2015 at 02:14:24PM +0200, Erik Skultety wrote:
> >When starting a domain, if we find out domain requests security drivers
> >we do not have loaded, we fail. However we don't check for this during
> >reconnect, so any operation relying on security driver functionality would fail.
> >If someone e.g. starts a domain with selinux driver loaded, then they turn off
> >the security driver in config, restart the daemon and call dump/save/..,
> >QEMU returns an error.
> >As we shouldn't kill the domain, we should at least log an error to let the
> >user know that domain reconnect wasn't completely clean.
> >
> >https://bugzilla.redhat.com/show_bug.cgi?id=1183893
> >---
> > src/qemu/qemu_process.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >

ACK

> >diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> >index 56719eb..8da79e5 100644
> >--- a/src/qemu/qemu_process.c
> >+++ b/src/qemu/qemu_process.c
> >@@ -3747,6 +3747,12 @@ qemuProcessReconnect(void *opaque)
> >         if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps, obj)) < 0)
> >             goto error;
> >
> >+    /* if domain requests security driver we haven't loaded, report error, but
> >+     * do not kill the domain
> >+     */
> >+    ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager,
> >+                                                 obj->def));
> >+
> 
> Shouldn't you reset any possible error after that?
> 

Why? It's already logged and nobody will ever look at it after this
function (called in a separate thread) ends.

Jan

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]