Allow domain disk images on root-squash NFS to coexist with security driver.

(suggested by Daniel Berrange, tested by Dan Kenigsberg)

virStorageFileGetMetadata will fail for disk images that are stored on
a root-squash NFS share that isn't world-readable.
SELinuxSetSecurityImageLabel is called during the startup of every
domain (as long as security_driver != "none"), and it will propogate
the error from virStorageFileGetMetadata, causing the domain startup
to fail. This is, however, a common scenario when qemu is run as a
non-root user and the disk image is stored on NFS.

Ignoring this failure (which doesn't matter in this case, since the
next thing done by SELinuxSetSecurityImageLabel - setting the file
context - will also fail (and that function already ignores failures
due to root-squash NFS) will allow us to continue bringing up the
domain. The result is that we don't need to disable the entire
security driver just because a domain's disk image is stored on
root-squashed NFS.
This commit is contained in:
Laine Stump 2010-04-01 11:58:34 -04:00
parent 78151ec96e
commit 8a7b4be5ab

View File

@ -430,7 +430,7 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
path = NULL;
if (ret < 0)
return -1;
break;
if (meta.backingStore != NULL &&
SELinuxSetFilecon(meta.backingStore,