qemu: Move image security metadata on snapshot activity
authorMichal Privoznik <mprivozn@redhat.com>
Mon, 25 Mar 2019 16:02:44 +0000 (17:02 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Wed, 3 Jul 2019 06:36:04 +0000 (08:36 +0200)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/qemu/qemu_blockjob.c
src/qemu/qemu_driver.c

index d7e1070c935fcc8617eff780ec80e7e96dcc12ad..34a4047210fa54ff6e720c3136d49b97fe5663eb 100644 (file)
@@ -37,6 +37,7 @@
 #include "locking/domain_lock.h"
 #include "viralloc.h"
 #include "virstring.h"
+#include "qemu_security.h"
 
 #define VIR_FROM_THIS VIR_FROM_QEMU
 
@@ -275,6 +276,11 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
          * want to only revoke the non-shared portion of the chain); so for
          * now, we leak the access to the original.  */
         virDomainLockImageDetach(driver->lockManager, vm, disk->src);
+
+        /* Move secret driver metadata */
+        if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mirror) < 0)
+            VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name);
+
         virObjectUnref(disk->src);
         disk->src = disk->mirror;
     } else {
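Review bot: A failed `qemuSecurityMoveImageMetadata()` call here is only logged, and the code still drops `disk->src` and switches to `disk->mirror`, so whatever the security driver recorded for the old image is presumably left stale behind a warning that names only the VM. Naming both images would let an operator locate and repair the affected file, e.g. `VIR_WARN("Unable to move disk metadata on vm %s from %s to %s", vm->def->name, NULLSTR(disk->src->path), NULLSTR(disk->mirror->path));`. The same VM-only warnings appear on both calls added to qemuDomainSnapshotUpdateDiskSources in src/qemu/qemu_driver.c. The comment says "secret driver", which looks like a slip for `/* Move security driver metadata */`. The enclosing function starts and ends outside the hunk.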
index ef2e9802163639559984cd2239243eac397d4f26..acdd9c080fb336d9defaa8bcce8e06c77359add9 100644 (file)
@@ -15126,17 +15126,31 @@ qemuDomainSnapshotUpdateDiskSourcesRenumber(virStorageSourcePtr src)
 
 /**
  * qemuDomainSnapshotUpdateDiskSources:
+ * @driver: QEMU driver
+ * @vm: domain object
  * @dd: snapshot disk data object
  *
  * Updates disk definition after a successful snapshot.
  */
 static void
-qemuDomainSnapshotUpdateDiskSources(qemuDomainSnapshotDiskDataPtr dd)
+qemuDomainSnapshotUpdateDiskSources(virQEMUDriverPtr driver,
+                                    virDomainObjPtr vm,
+                                    qemuDomainSnapshotDiskDataPtr dd)
 {
+    if (!dd->src) {
+        /* Remove old metadata */
+        if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, NULL) < 0)
+            VIR_WARN("Unable to remove disk metadata on vm %s", vm->def->name);
+        return;
+    }
+
     /* storage driver access won'd be needed */
     if (dd->initialized)
         virStorageFileDeinit(dd->src);
 
+    if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, dd->src) < 0)
+        VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name);
+
     /* the old disk image is now readonly */
     dd->disk->src->readonly = true;
 
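Review bot: The new `if (!dd->src)` branch dereferences `dd->disk->src` and strips its metadata, but nothing in the hunk shows when `dd->src` can be NULL after a successful snapshot, or that `dd->disk` is populated in that state. If a NULL `dd->src` means the disk was not part of the snapshot, its current image presumably stays in use, and dropping the remembered metadata could leave the security driver unable to restore the original label later; this needs confirming against the code that fills `dd`. Either way the branch needs a why-comment in place of `/* Remove old metadata */`, along the lines of `/* dd->src is NULL when <condition>; the old image is no longer used by the domain, so drop its metadata */`. The function's doc comment should also say that this case returns before the disk definition is updated. The function body continues past the end of the hunk.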
@@ -15246,7 +15260,7 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr driver,
         virDomainAuditDisk(vm, dd->disk->src, dd->src, "snapshot", rc >= 0);
 
         if (rc == 0)
-            qemuDomainSnapshotUpdateDiskSources(dd);
+            qemuDomainSnapshotUpdateDiskSources(driver, vm, dd);
     }
 
     if (rc < 0)