From cefa64cafd63c4426ddb5cbc9ca360a432d46022 Mon Sep 17 00:00:00 2001
From: Guannan Ren
Date: Fri, 19 Oct 2012 16:44:30 +0800
Subject: [PATCH] selinux: relabel tapfd in qemuPhysIfaceConnect

Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs.
(cherry picked from commit 4492ef7f485a7d42d84a714d2150e648b11e2740)
---
 src/qemu/qemu_command.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d2288575be..755f8278de 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
 vmop, driver->stateDir, virDomainNetGetActualBandwidth(net));
 if (rc >= 0) {
+ if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+ def, rc) < 0)
+ goto error;
+
 virDomainAuditNetDevice(def, net, res_ifname, true);
 VIR_FREE(net->ifname);
 net->ifname = res_ifname;
 }
 return rc;
+
+error:
+ ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+ res_ifname, &net->mac,
+ virDomainNetGetActualDirectDev(net),
+ virDomainNetGetActualDirectMode(net),
+ virDomainNetGetActualVirtPortProfile(net),
+ driver->stateDir));
+ VIR_FREE(res_ifname);
+ return -1;
 }
@@ -5474,10 +5488,6 @@ qemuBuildCommandLine(virConnectPtr conn,
 if (tapfd < 0) goto error;
- if (virSecurityManagerSetTapFDLabel(driver->securityManager,
- def, tapfd) < 0)
- goto error;
-
 last_good_net = i;
 virCommandTransferFD(cmd, tapfd);
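Review bot: The new `error:` path in qemuPhysIfaceConnect deletes the macvtap device and frees `res_ifname`, but it never closes `rc`, the descriptor that was just passed to virSecurityManagerSetTapFDLabel. When labeling fails the caller only receives -1, so nothing else can close that fd and it stays open in the daemon; adding `VIR_FORCE_CLOSE(rc);` as the first statement after `error:` would release it. A refused relabel is also a security-relevant event that currently leaves no audit record, so consider `virDomainAuditNetDevice(def, net, res_ifname, false);` before the device is deleted. The start of the function, including the call that assigns `rc`, lies outside this hunk, so the claim that `rc` is an open tap fd is inferred from how it is used here.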