qemu_hotplug: Create chardev files before attempting to relabel them

When hotplugging a chardev, Libvirt opens corresponding
file/binds to a socket/does whatever necessary to obtain an FD
that is later passed to QEMU. However, due to wrong placement of
the function that does all of this
(qemuProcessPrepareHostBackendChardevHotplug()) it may happen
that a file is set seclabel on, only to be unlink()-ed and
created again (the former is done by
qemuSecuritySetChardevLabel(), the latter by aforementioned
function). The unlink()-ing is done for UNIX sockets with
mode='bind' and happens inside qemuOpenChrChardevUNIXSocket().
However, these steps can be swapped simply.

Fixes: ad81aa8ad07e52c9bd4840de84d2ed59998b4d2a
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 1c404ad5a50f777927c010f3b2763059e3a67388..5eb370c3dfd475ac7bda4bb4663b5abd9cd1b5f7 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2118,6 +2118,9 @@ qemuDomainAttachChrDevice(virQEMUDriver *driver,
     if (qemuDomainAttachChrDeviceAssignAddr(vm, chr, &need_release) < 0)
         goto cleanup;
 
+    if (qemuProcessPrepareHostBackendChardevHotplug(vm, dev) < 0)
+        goto cleanup;
+
     if (qemuDomainNamespaceSetupChardev(vm, chr, &teardowndevice) < 0)
         goto cleanup;
 
@@ -2129,9 +2132,6 @@ qemuDomainAttachChrDevice(virQEMUDriver *driver,
         goto cleanup;
     teardowncgroup = true;
 
-    if (qemuProcessPrepareHostBackendChardevHotplug(vm, dev) < 0)
-        goto cleanup;
-
     if (guestfwd) {
         if (!(netdevprops = qemuBuildChannelGuestfwdNetdevProps(chr)))
             goto cleanup;