mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
lxc: Restore seclabels after the container is killed
Due to a bug the seclabels are restored before any PID in the container is killed. This should be done afterwards in virLXCProcessCleanup. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
parent
401030499b
commit
16c123679c
@ -180,6 +180,17 @@ static void virLXCProcessCleanup(virLXCDriverPtr driver,
|
||||
VIR_FREE(xml);
|
||||
}
|
||||
|
||||
virSecurityManagerRestoreAllLabel(driver->securityManager,
|
||||
vm->def, false, false);
|
||||
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
|
||||
/* Clear out dynamically assigned labels */
|
||||
if (vm->def->nseclabels &&
|
||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
||||
VIR_FREE(vm->def->seclabels[0]->model);
|
||||
VIR_FREE(vm->def->seclabels[0]->label);
|
||||
VIR_FREE(vm->def->seclabels[0]->imagelabel);
|
||||
}
|
||||
|
||||
/* Stop autodestroy in case guest is restarted */
|
||||
virCloseCallbacksUnset(driver->closeCallbacks, vm,
|
||||
lxcProcessAutoDestroy);
|
||||
@ -836,17 +847,6 @@ int virLXCProcessStop(virLXCDriverPtr driver,
|
||||
|
||||
priv = vm->privateData;
|
||||
|
||||
virSecurityManagerRestoreAllLabel(driver->securityManager,
|
||||
vm->def, false, false);
|
||||
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
|
||||
/* Clear out dynamically assigned labels */
|
||||
if (vm->def->nseclabels &&
|
||||
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
||||
VIR_FREE(vm->def->seclabels[0]->model);
|
||||
VIR_FREE(vm->def->seclabels[0]->label);
|
||||
VIR_FREE(vm->def->seclabels[0]->imagelabel);
|
||||
}
|
||||
|
||||
/* If the LXC domain is suspended we send all processes a SIGKILL
|
||||
* and thaw them. Upon wakeup the process sees the pending signal
|
||||
* and dies immediately. It is guaranteed that priv->cgroup != NULL
|
||||
|
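Review bot: The dynamic-label cleanup moved into virLXCProcessCleanup tests `vm->def->nseclabels` but then frees only `seclabels[0]`. If a domain can carry more than one seclabel (whether the LXC driver allows that is not visible on this page), the later entries would keep their dynamically assigned label across a restart. Iterating over all `nseclabels` entries, as sketched below, closes that gap; it needs a `size_t i` declared at the top of the function, which starts outside the hunk. The return value of `virSecurityManagerRestoreAllLabel()` is also dropped at this call site, so a failed restore can leave host resources carrying the container's label unnoticed; a `VIR_WARN` when it returns a negative value would surface that. A one-line comment above the block stating that it must stay after the container's processes are gone would help keep the ordering this commit fixes from regressing.

```c
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
for (i = 0; i < vm->def->nseclabels; i++) {
    if (vm->def->seclabels[i]->type != VIR_DOMAIN_SECLABEL_DYNAMIC)
        continue;
    VIR_FREE(vm->def->seclabels[i]->model);
    VIR_FREE(vm->def->seclabels[i]->label);
    VIR_FREE(vm->def->seclabels[i]->imagelabel);
}
/* … unchanged: virCloseCallbacksUnset() call … */
```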