selinux: relabel tapfd in qemuPhysIfaceConnect

Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs. (cherry picked from commit 4492ef7f48)
2024-12-28 08:35:22 +00:00 · 2012-10-19 16:44:30 +08:00 · 2012-10-19 16:44:30 +08:00 · cefa64cafd
commit cefa64cafd
parent ec08a738e8
1 changed files with 14 additions and 4 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
        vmop, driver->stateDir,
        virDomainNetGetActualBandwidth(net));
    if (rc >= 0) {
+        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                            def, rc) < 0)
+            goto error;
+
        virDomainAuditNetDevice(def, net, res_ifname, true);
        VIR_FREE(net->ifname);
        net->ifname = res_ifname;
    }

    return rc;
+
+error:
+    ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+                     res_ifname, &net->mac,
+                     virDomainNetGetActualDirectDev(net),
+                     virDomainNetGetActualDirectMode(net),
+                     virDomainNetGetActualVirtPortProfile(net),
+                     driver->stateDir));
+    VIR_FREE(res_ifname);
+    return -1;
 }


@ -5474,10 +5488,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                if (tapfd < 0)
                    goto error;

-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                last_good_net = i;
                virCommandTransferFD(cmd, tapfd);