mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
qemu: Log error if domain uses security driver which is not loaded
When starting a domain, if a domain specifies security drivers we do not have loaded, we fail. However we don't check for this during reconnect, so any operation relying on security driver functionality would fail. If someone e.g. starts a domain with selinux driver loaded, then they change the security driver to 'none' in config, restart the daemon and call dump/save/.., QEMU will return an error. As we shouldn't kill the domain, we should at least log an error to let the user know that domain reconnect wasn't completely clean. https://bugzilla.redhat.com/show_bug.cgi?id=1183893
This commit is contained in:
parent
aef2a0a26c
commit
fb0b9a2cc5
@ -3749,6 +3749,12 @@ qemuProcessReconnect(void *opaque)
|
||||
if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps, obj)) < 0)
|
||||
goto error;
|
||||
|
||||
/* if domain requests security driver we haven't loaded, report error, but
|
||||
* do not kill the domain
|
||||
*/
|
||||
ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager,
|
||||
obj->def));
|
||||
|
||||
if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
|
||||
goto error;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user