};
-static int
-qemuSecuritySetRestoreAllLabelHelper(pid_t pid,
- void *opaque)
-{
- struct qemuSecuritySetRestoreAllLabelData *data = opaque;
-
- virSecurityManagerPostFork(data->driver->securityManager);
-
- if (data->set) {
- VIR_DEBUG("Setting up security labels inside namespace pid=%lld",
- (long long) pid);
- if (virSecurityManagerSetAllLabel(data->driver->securityManager,
- data->vm->def,
- data->stdin_path) < 0)
- return -1;
- } else {
- VIR_DEBUG("Restoring security labels inside namespace pid=%lld",
- (long long) pid);
- if (virSecurityManagerRestoreAllLabel(data->driver->securityManager,
- data->vm->def,
- data->migrated) < 0)
- return -1;
- }
-
- return 0;
-}
-
-
int
qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
const char *stdin_path)
{
- struct qemuSecuritySetRestoreAllLabelData data;
-
- memset(&data, 0, sizeof(data));
-
- data.set = true;
- data.driver = driver;
- data.vm = vm;
- data.stdin_path = stdin_path;
-
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
- if (virSecurityManagerPreFork(driver->securityManager) < 0)
- return -1;
- if (virProcessRunInMountNamespace(vm->pid,
- qemuSecuritySetRestoreAllLabelHelper,
- &data) < 0) {
- virSecurityManagerPostFork(driver->securityManager);
- return -1;
- }
- virSecurityManagerPostFork(driver->securityManager);
-
- } else {
- if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm->def,
- stdin_path) < 0)
- return -1;
- }
- return 0;
+ int ret = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerSetAllLabel(driver->securityManager,
+ vm->def,
+ stdin_path) < 0)
+ goto cleanup;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
}
virDomainObjPtr vm,
bool migrated)
{
- struct qemuSecuritySetRestoreAllLabelData data;
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
- memset(&data, 0, sizeof(data));
+ if (virSecurityManagerRestoreAllLabel(driver->securityManager,
+ vm->def,
+ migrated) < 0)
+ goto cleanup;
- data.driver = driver;
- data.vm = vm;
- data.migrated = migrated;
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
- if (virSecurityManagerPreFork(driver->securityManager) < 0)
- return;
-
- virProcessRunInMountNamespace(vm->pid,
- qemuSecuritySetRestoreAllLabelHelper,
- &data);
- virSecurityManagerPostFork(driver->securityManager);
- } else {
- virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm->def,
- migrated);
- }
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
}
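Review bot: Every failure on the restore path is swallowed silently — when `virSecurityManagerTransactionStart`, `virSecurityManagerRestoreAllLabel` or `virSecurityManagerTransactionCommit` fails, the code only jumps to `cleanup` in a void function, so the resources of `vm->def` keep the labels granted to the stopped guest and neither the caller nor the daemon log learns about it (the function's signature starts outside the hunk, so the void return is inherited, not introduced here). A log line at the point of failure would at least make the stale labels visible, e.g. `VIR_WARN("Unable to restore security labels for domain");` before each `goto cleanup`, or a single warning at `cleanup:` guarded by a `bool restored` flag set after the commit. The unconditional `virSecurityManagerTransactionAbort` at `cleanup:` also runs after a successful commit and when no transaction was ever started because the mount namespace is disabled; that presumably relies on Abort being a no-op in both situations, which deserves a comment such as `/* Abort is a no-op once committed or if no transaction was started */` — confirm against the security manager before adding it. On this path QEMU may already be gone, so it is also worth a one-line comment on what `virSecurityManagerTransactionCommit` does with a stale or zero `vm->pid`, since that decides whether the labels are restored inside the namespace or in the host view.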