[libvirt] [PATCH v4 00/23] Introduce metadata locking
Bjoern Walk
bwalk at linux.ibm.com
Wed Sep 12 05:19:49 UTC 2018
Michal Privoznik <mprivozn at redhat.com> [2018-09-10, 11:36AM +0200]:
> Technically, this is v4 of:
>
> https://www.redhat.com/archives/libvir-list/2018-August/msg01627.html
>
> However, this is implementing different approach than any of the
> previous versions.
>
> One of the problems with previous version was that it was too
> complicated. The main reason for that was that we could not close the
> connection whilst there was a file locked. So we had to invent a
> mechanism that would prevent that (on the client side).
>
> These patches implement different approach. They rely on secdriver's
> transactions which bring all the paths we want to label into one place
> so that they can be relabelled within different namespace.
> I'm extending this idea so that transactions run all the time
> (regardless of domain namespacing) and only at the very last moment is
> decided which namespace would the relabeling run in.
>
> Metadata locking is then as easy as putting lock/unlock calls around one
> function.
>
> You can find the patches at my github too:
>
> https://github.com/zippy2/libvirt/tree/disk_metadata_lock_v4_alt
Hey Michal,
is was running a quick test with this patch series with two domains
sharing a disk image without <shareable/> and SELinux enabled. When
starting the second domain, the whole libvirtd daemon hangs for almost a
minute until giving the error that the image is locked. I haven't
debugged it yet to figure out what happens.
Otherwise it's looking good, relabeling is prevented as expected.
Bjoern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 902 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180912/5408bc69/attachment-0001.sig>
More information about the libvir-list
mailing list