selinux: relabel tapfd in qemuPhysIfaceConnect

Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs.
2025-01-31 00:45:18 +00:00 · 2012-10-19 16:44:30 +08:00 · 2012-10-19 16:44:30 +08:00 · 4492ef7f48
commit 4492ef7f48
parent 8d75e47ede
1 changed files with 14 additions and 4 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
        vmop, driver->stateDir,
        virDomainNetGetActualBandwidth(net));
    if (rc >= 0) {
+        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                            def, rc) < 0)
+            goto error;
+
        virDomainAuditNetDevice(def, net, res_ifname, true);
        VIR_FREE(net->ifname);
        net->ifname = res_ifname;
    }

    return rc;
+
+error:
+    ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+                     res_ifname, &net->mac,
+                     virDomainNetGetActualDirectDev(net),
+                     virDomainNetGetActualDirectMode(net),
+                     virDomainNetGetActualVirtPortProfile(net),
+                     driver->stateDir));
+    VIR_FREE(res_ifname);
+    return -1;
 }


@ -5446,10 +5460,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                if (tapfd < 0)
                    goto error;

-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                last_good_net = i;
                virCommandTransferFD(cmd, tapfd);