{
int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
+ pid_t pid = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetAllLabel(driver->securityManager,
priv->chardevStdioLogd) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
bool migrated)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
+ bool transactionStarted = false;
+
+ /* In contrast to qemuSecuritySetAllLabel, do not use vm->pid
+ * here. This function is called from qemuProcessStop() which
+ * is meant to do cleanup after qemu process died. The
+ * domain's namespace is gone as qemu was the only process
+ * running there. We would not succeed in entering the
+ * namespace then. */
+ if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
+ transactionStarted = true;
- /* In contrast to qemuSecuritySetAllLabel, do not use
- * secdriver transactions here. This function is called from
- * qemuProcessStop() which is meant to do cleanup after qemu
- * process died. If it did do, the namespace is gone as qemu
- * was the only process running there. We would not succeed
- * in entering the namespace then. */
virSecurityManagerRestoreAllLabel(driver->securityManager,
vm->def,
migrated,
priv->chardevStdioLogd);
+
+ if (transactionStarted &&
+ virSecurityManagerTransactionCommit(driver->securityManager, -1) < 0)
+ VIR_WARN("Unable to run security manager transaction");
+
+ virSecurityManagerTransactionAbort(driver->securityManager);
}
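Review bot: The result of `virSecurityManagerTransactionStart()` at the top of this body is dropped without a log line, so when it fails the restore silently runs outside any transaction and nothing records why. This is the path that hands host files back after the QEMU process has died, so a failed start or commit presumably leaves them carrying the domain's label, and the only trace is a generic warning. I would log the start failure too and name the domain in both messages, e.g. `VIR_WARN("Unable to run security manager transaction for domain %s", vm->def->name);`. The trailing `virSecurityManagerTransactionAbort()` also runs after a successful commit, which relies on abort being a no-op when nothing is open; a one-line comment saying so would help. The same pattern appears in the qemuSecurityCleanupTPMEmulator hunk (with `def->name` available there), and this function's signature starts outside the hunk.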
virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetDiskLabel(driver->securityManager,
disk) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
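Review bot: The `-1` that `pid` keeps when the mount namespace is disabled is never explained at the call site, yet it now decides where `virSecurityManagerTransactionCommit()` applies the labels. Judging from the comment in the RestoreAllLabel hunk, `-1` appears to mean "commit without entering the domain's namespace"; a comment above the declaration would make that explicit, e.g. `/* -1: no mount namespace, commit without entering vm->pid's namespace */`. Because the transaction is now started unconditionally, the `cleanup:` label (outside this hunk) has to abort it on every failure path, not only for namespaced domains, which is worth confirming. The same applies to the other Set*/Restore* hunks on this page (AllLabel, DiskLabel, ImageLabel, HostdevLabel, MemoryLabel, InputLabel, ChardevLabel, DomainSetPathLabel, SavedStateLabel). The repeated prologue and commit pair would be a natural candidate for one shared helper.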
virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreDiskLabel(driver->securityManager,
disk) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virStorageSourcePtr src)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetImageLabel(driver->securityManager,
src) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virStorageSourcePtr src)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
src) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virDomainHostdevDefPtr hostdev)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
NULL) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virDomainHostdevDefPtr hostdev)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
NULL) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virDomainMemoryDefPtr mem)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetMemoryLabel(driver->securityManager,
mem) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
virDomainMemoryDefPtr mem)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreMemoryLabel(driver->securityManager,
mem) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
{
qemuDomainObjPrivatePtr priv = vm->privateData;
virQEMUDriverPtr driver = priv->driver;
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetInputLabel(driver->securityManager,
input) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
{
qemuDomainObjPrivatePtr priv = vm->privateData;
virQEMUDriverPtr driver = priv->driver;
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreInputLabel(driver->securityManager,
input) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
{
int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
+ pid_t pid = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetChardevLabel(driver->securityManager,
priv->chardevStdioLogd) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
{
int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
+ pid_t pid = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreChardevLabel(driver->securityManager,
priv->chardevStdioLogd) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
int *cmdret)
{
int ret = -1;
+ bool transactionStarted = false;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ return -1;
+ transactionStarted = true;
if (virSecurityManagerSetTPMLabels(driver->securityManager,
- def) < 0)
+ def) < 0) {
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return -1;
+ }
+
+ if (virSecurityManagerTransactionCommit(driver->securityManager, -1) < 0)
goto cleanup;
+ transactionStarted = false;
if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
def, cmd) < 0)
return 0;
cleanup:
+ if (!transactionStarted &&
+ virSecurityManagerTransactionStart(driver->securityManager) >= 0)
+ transactionStarted = true;
+
virSecurityManagerRestoreTPMLabels(driver->securityManager, def);
+ if (transactionStarted &&
+ virSecurityManagerTransactionCommit(driver->securityManager, -1) < 0)
+ VIR_WARN("Unable to run security manager transaction");
+
+ virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
}
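Review bot: When `virSecurityManagerTransactionCommit(driver->securityManager, -1)` fails after the TPM labels were queued, the code jumps to `cleanup` with `transactionStarted` still true, so the restore path opens no fresh transaction and then commits a second time. Whether a failed commit leaves the transaction open is not visible here; either way the restore is not cleanly separated from the failed set, and the second commit may produce only a misleading warning. Aborting and resetting the flag before the jump would avoid that: `virSecurityManagerTransactionAbort(driver->securityManager); transactionStarted = false;` ahead of `goto cleanup;`. The two early `return -1` exits also bypass `cleanup`, unlike the rest of the function. The start and middle of the function lie outside these hunks.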
qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver,
virDomainDefPtr def)
{
+ bool transactionStarted = false;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
+ transactionStarted = true;
+
virSecurityManagerRestoreTPMLabels(driver->securityManager, def);
+
+ if (transactionStarted &&
+ virSecurityManagerTransactionCommit(driver->securityManager, -1) < 0)
+ VIR_WARN("Unable to run security manager transaction");
+
+ virSecurityManagerTransactionAbort(driver->securityManager);
}
const char *path,
bool allowSubtree)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
allowSubtree) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
const char *savefile)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerSetSavedStateLabel(driver->securityManager,
savefile) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;
virDomainObjPtr vm,
const char *savefile)
{
+ pid_t pid = -1;
int ret = -1;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
savefile) < 0)
goto cleanup;
- if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
- virSecurityManagerTransactionCommit(driver->securityManager,
- vm->pid) < 0)
+ if (virSecurityManagerTransactionCommit(driver->securityManager, pid) < 0)
goto cleanup;
ret = 0;