libvirt/src
Peter Krempa 8967ad7be6 qemu: backup: Restore security label on backup disk store image on VM termination
When the backup job is terminated normally the security label is
restored by the blockjob finishing handler.

If the VM dies or is destroyed that wouldn't happen as the blockjob
handler wouldn't be called.

Restore the security label on disk store where we remember that the job
was running at the point when 'qemuBackupJobTerminate' was called.

Not resetting the security label means that we also leak the xattr
attributes remembering the label which prevents any further use of the
file, which is a problem for block devices.

This also requires that the call to 'qemuBackupJobTerminate' from
'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise
the security subdrivers attempt to enter the process namespace which
fails if the process isn't running any more.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
access access: replace VIR_FREE with g_free in all *Dispose() functions 2021-02-05 00:22:09 -05:00
admin Use g_steal_pointer where possible 2021-03-01 15:54:42 +01:00
bhyve lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
conf conf: introduce support for firmware auto-selection feature filtering 2021-03-18 18:42:26 +01:00
cpu virCPUx86DataParse: Don't check error from x86FeatureNames 2021-03-02 09:50:19 +01:00
cpu_map cpu_map: Fix spelling of svme-addr-chk feature 2021-03-04 09:33:39 +01:00
esx esx: use g_autofree for datastoreRelatedPath 2021-02-18 13:54:02 +01:00
hyperv hyperv: abort() failure of wsmc_fault_new() 2021-03-02 09:50:19 +01:00
hypervisor lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
interface lib: Replace virFileMakePathWithMode() with g_mkdir_with_parents() 2021-03-04 20:52:23 +01:00
keycodemapdb@27acf0ef82
libxl lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
locking virtlo(g|ck)d: Fix exec-restart 2021-03-12 16:08:28 +01:00
logging virtlo(g|ck)d: Fix exec-restart 2021-03-12 16:08:28 +01:00
lxc lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
network lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
node_device nodedev: Don't crash when exiting before init is done 2021-03-18 13:09:44 +01:00
nwfilter lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
openvz lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
qemu qemu: backup: Restore security label on backup disk store image on VM termination 2021-03-19 16:41:39 +01:00
remote migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API 2021-03-18 08:50:25 +01:00
rpc lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
secret lib: Replace virFileMakePathWithMode() with g_mkdir_with_parents() 2021-03-04 20:52:23 +01:00
security lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
storage lib: Replace virFileMakePath() with g_mkdir_with_parents() 2021-03-04 20:52:23 +01:00
storage_file storage: Don't report OOM error on failure of glfs_new 2021-03-02 09:50:20 +01:00
test lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
util virxml: Fix possible memory leak in virXMLNodeContentString() 2021-03-18 12:45:05 +01:00
vbox virVBoxSnapshotConfSaveVboxFile: abort() on failure to allocate xmlDoc and comment 2021-03-02 09:50:20 +01:00
vmware vmware: convert VIR_FREE to g_free in other functions that free their arg 2021-02-12 12:10:38 -05:00
vmx virIndexToDiskName: Make 'idx' unsigned and remove check 2021-03-05 15:33:34 +01:00
vz lib: Put some variable declarations on individual lines 2021-03-15 09:38:18 +01:00
admin_protocol-structs
datatypes.c datatypes: replace VIR_FREE with g_free in all *Dispose() functions 2021-02-05 00:22:09 -05:00
datatypes.h datatypes.h: register AUTOPTR_CLEANUP_FUNC for virNodeDevicePtr 2021-02-17 15:47:47 -03:00
driver-hypervisor.h migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API 2021-03-18 08:50:25 +01:00
driver-interface.h
driver-network.h
driver-nodedev.h
driver-nwfilter.h
driver-secret.h
driver-state.h
driver-storage.h
driver-stream.h
driver.c log error if virConnectCacheOnceInit() fails 2021-02-02 00:27:27 -05:00
driver.h src: don't hide error in VIR_DRV_SUPPORTS_FEATURE 2021-01-06 17:10:10 +03:00
internal.h internal.h: Introduce and use VIR_IS_POW2() 2020-12-04 16:24:19 +01:00
libvirt_driver_modules.syms
libvirt_esx.syms
libvirt_internal.h
libvirt_libssh2.syms
libvirt_libssh.syms
libvirt_linux.syms
libvirt_lxc.syms
libvirt_openvz.syms
libvirt_private.syms src: ensure GSource background unref happens in correct event loop 2021-03-17 09:16:05 +00:00
libvirt_probes.d
libvirt_public.syms migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API 2021-03-18 08:50:25 +01:00
libvirt_qemu.syms
libvirt_remote.syms virnetdaemon: Introduce virNetDaemonQuitExecRestart 2021-03-12 16:08:28 +01:00
libvirt_sasl.syms
libvirt_vmware.syms
libvirt_vmx.syms
libvirt-domain-checkpoint.c
libvirt-domain-snapshot.c api: Discourage use of VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE 2021-02-16 12:25:30 +01:00
libvirt-domain.c migration/dirtyrate: Extend dirtyrate statistics for domGetStats 2021-03-18 08:50:25 +01:00
libvirt-host.c src: adopt to VIR_DRV_SUPPORTS_FEATURE return -1 2021-01-06 17:10:01 +03:00
libvirt-interface.c
libvirt-lxc.c use more virStrcpy() and virStrcpyStatic() 2021-01-04 20:18:24 +01:00
libvirt-lxc.pc.in
libvirt-network.c lib: Debug print all arguments of virNetworkUpdate() 2021-03-16 09:17:08 +01:00
libvirt-nodedev.c virsh: nodedev: filter by AP Matrix capability 2020-12-09 14:03:05 +01:00
libvirt-nwfilter.c
libvirt-qemu.c
libvirt-qemu.pc.in
libvirt-secret.c
libvirt-storage.c
libvirt-stream.c
libvirt.c virConnectOpen: Require root dir to be absolute path 2021-03-12 15:40:13 +01:00
libvirt.conf
libvirt.pc.in
lock_protocol-structs
lxc_monitor_protocol-structs
lxc_protocol-structs
meson.build src: ensure GSource background unref happens in correct event loop 2021-03-17 09:16:05 +00:00
qemu_protocol-structs
README
remote_protocol-structs migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API 2021-03-18 08:50:25 +01:00
virkeepaliveprotocol-structs
virnetprotocol-structs

       libvirt library code README
       ===========================

This directory provides the bulk of the libvirt codebase: everything
except for the libvirtd daemon and client tools. The build uses a
large number of libtool convenience libraries - one for each child
directory, and then links them together for the final libvirt.so,
although some bits get linked directly to the libvirtd daemon instead.

The files directly in this directory support the public API
entry points & data structures.

There are two core shared modules to be aware of:

 * util/  - a collection of shared APIs that can be used by any
            code. This directory is always in the include path
            for all things built

 * conf/  - APIs for parsing / manipulating all the official XML
            files used by the public API. This directory is only
            in the include path for driver implementation modules

 * vmx/   - VMware VMX config handling (used by esx/ and vmware/)


Then there are the hypervisor implementations:

 * bhyve/        - bhyve - The BSD Hypervisor
 * esx/          - VMware ESX and GSX support using vSphere API over SOAP
 * hyperv/       - Microsoft Hyper-V support using WinRM
 * lxc/          - Linux Native Containers
 * openvz/       - OpenVZ containers using cli tools
 * qemu/         - QEMU / KVM using qemu CLI/monitor
 * remote/       - Generic libvirt native RPC client
 * test/         - A "mock" driver for testing
 * vbox/         - Virtual Box using native API
 * vmware/       - VMware Workstation and Player using the vmrun tool
 * xen/          - Xen using hypercalls, XenD SEXPR & XenStore


Finally, there are some secondary drivers that are shared by several HVs.
Currently these are used by the LXC, OpenVZ, QEMU and Xen drivers.
The ESX, Hyper-V, Remote, Test & VirtualBox drivers all
implement the secondary drivers directly.

 * cpu/          - CPU feature management
 * interface/    - Host network interface management
 * network/      - Virtual NAT networking
 * nwfilter/     - Network traffic filtering rules
 * node_device/  - Host device enumeration
 * secret/       - Secret management
 * security/     - Mandatory access control drivers
 * storage/      - Storage management drivers


Since both the hypervisor and secondary drivers can be built as
dlopen()able modules, it is *FORBIDDEN* to have build dependencies
between these directories. Drivers are only allowed to depend on
the public API, and the internal APIs in the util/ and conf/
directories.