mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-13 01:29:16 +00:00
5ac2439a83
Some secdrivers (typically SELinux driver) generate unique
dynamic seclabel for each domain (unless a static one is
requested in domain XML). This is achieved by calling
qemuSecurityGenLabel() from qemuProcessPrepareDomain() which
allocates unique seclabel and stores it in domain def->seclabels.
The counterpart is qemuSecurityReleaseLabel() which releases the
label and removes it from def->seclabels. Problem is, that with
current code the qemuProcessStop() may still want to use the
seclabel after it was released, e.g. when it wants to restore the
label of a disk mirror.
What is happening now, is that in qemuProcessStop() the
qemuSecurityReleaseLabel() is called, which removes the SELinux
seclabel from def->seclabels, yada yada yada and eventually
qemuSecurityRestoreImageLabel() is called. This bubbles down to
virSecuritySELinuxRestoreImageLabelSingle() which find no SELinux
seclabel (using virDomainDefGetSecurityLabelDef()) and this
returns early doing nothing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664
Fixes:
|
||
|---|---|---|
| .. | ||
| EVENTHANDLERS.txt | ||
| libvirt_qemu_probes.d | ||
| libvirtd_qemu.aug | ||
| meson.build | ||
| MIGRATION.txt | ||
| qemu_agent.c | ||
| qemu_agent.h | ||
| qemu_alias.c | ||
| qemu_alias.h | ||
| qemu_backup.c | ||
| qemu_backup.h | ||
| qemu_block.c | ||
| qemu_block.h | ||
| qemu_blockjob.c | ||
| qemu_blockjob.h | ||
| qemu_capabilities.c | ||
| qemu_capabilities.h | ||
| qemu_capspriv.h | ||
| qemu_cgroup.c | ||
| qemu_cgroup.h | ||
| qemu_checkpoint.c | ||
| qemu_checkpoint.h | ||
| qemu_command.c | ||
| qemu_command.h | ||
| qemu_conf.c | ||
| qemu_conf.h | ||
| qemu_dbus.c | ||
| qemu_dbus.h | ||
| qemu_domain_address.c | ||
| qemu_domain_address.h | ||
| qemu_domain.c | ||
| qemu_domain.h | ||
| qemu_domainjob.c | ||
| qemu_domainjob.h | ||
| qemu_driver.c | ||
| qemu_driver.h | ||
| qemu_extdevice.c | ||
| qemu_extdevice.h | ||
| qemu_firmware.c | ||
| qemu_firmware.h | ||
| qemu_hostdev.c | ||
| qemu_hostdev.h | ||
| qemu_hotplug.c | ||
| qemu_hotplug.h | ||
| qemu_interface.c | ||
| qemu_interface.h | ||
| qemu_interop_config.c | ||
| qemu_interop_config.h | ||
| qemu_migration_cookie.c | ||
| qemu_migration_cookie.h | ||
| qemu_migration_params.c | ||
| qemu_migration_params.h | ||
| qemu_migration_paramspriv.h | ||
| qemu_migration.c | ||
| qemu_migration.h | ||
| qemu_monitor_json.c | ||
| qemu_monitor_json.h | ||
| qemu_monitor_priv.h | ||
| qemu_monitor_text.c | ||
| qemu_monitor_text.h | ||
| qemu_monitor.c | ||
| qemu_monitor.h | ||
| qemu_namespace.c | ||
| qemu_namespace.h | ||
| qemu_process.c | ||
| qemu_process.h | ||
| qemu_processpriv.h | ||
| qemu_qapi.c | ||
| qemu_qapi.h | ||
| qemu_saveimage.c | ||
| qemu_saveimage.h | ||
| qemu_security.c | ||
| qemu_security.h | ||
| qemu_shim.c | ||
| qemu_slirp.c | ||
| qemu_slirp.h | ||
| qemu_snapshot.c | ||
| qemu_snapshot.h | ||
| qemu_tpm.c | ||
| qemu_tpm.h | ||
| qemu_validate.c | ||
| qemu_validate.h | ||
| qemu_vhost_user_gpu.c | ||
| qemu_vhost_user_gpu.h | ||
| qemu_vhost_user.c | ||
| qemu_vhost_user.h | ||
| qemu_virtiofs.c | ||
| qemu_virtiofs.h | ||
| qemu.conf | ||
| test_libvirtd_qemu.aug.in | ||
| THREADS.txt | ||
| virtqemud.init.in | ||
| virtqemud.service.in | ||
| virtqemud.sysconf | ||