[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 01/11] qemuDomainAttachSCSIVHostDevice: Prefer qemuSecurity wrappers



On Wed, Feb 08, 2017 at 11:37:04 +0100, Michal Privoznik wrote:
> Since we have qemuSecurity wrappers over
> virSecurityManagerSetHostdevLabel and
> virSecurityManagerRestoreHostdevLabel we ought to use them
> instead of calling secdriver APIs directly.

Also it possibly would be worth mentioning that without those wrappers
the labelling won't be done in the correct namespace and thus won't
apply to the nodes seen by qemu itself.

I presume that that bug actually motivated you do do so.

> 
> Signed-off-by: Michal Privoznik <mprivozn redhat com>
> ---
>  src/qemu/qemu_hotplug.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index e272df356..dd6e31823 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -2552,8 +2552,7 @@ qemuDomainAttachSCSIVHostDevice(virQEMUDriverPtr driver,
>          goto cleanup;
>      teardowncgroup = true;
>  
> -    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
> -                                          vm->def, hostdev, NULL) < 0)
> +    if (qemuSecuritySetHostdevLabel(driver, vm, hostdev) < 0)
>          goto cleanup;
>      teardownlabel = true;
>  
> @@ -2612,8 +2611,7 @@ qemuDomainAttachSCSIVHostDevice(virQEMUDriverPtr driver,
>          if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
>              VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
>          if (teardownlabel &&
> -            virSecurityManagerRestoreHostdevLabel(driver->securityManager,
> -                                                  vm->def, hostdev, NULL) < 0)
> +            qemuSecurityRestoreHostdevLabel(driver, vm, hostdev) < 0)
>              VIR_WARN("Unable to restore host device labelling on hotplug fail");
>          if (releaseaddr)
>              qemuDomainReleaseDeviceAddress(vm, hostdev->info, NULL);

ACK with commit message fixed.

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]