qemu: fix regression with fd labeling on migration

My earlier testing for commit 34fa0de0 was done while starting
just-built libvirt from an unconfined_t shell, where the fds happened
to work when transferring to qemu.  But when installed and run under
virtd_t, failure to label the raw file (with no compression) or the
pipe (with compression) triggers SELinux failures when passing fds
over SCM_RIGHTS to svirt_t qemu.

* src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
FDs, make sure they are labeled.

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 98b9d01315b3287dc5141cd24862951ec9858dfb..43741e1d14c696a2860fa1d7fd134db242f16617 100644 (file)
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1304,8 +1304,12 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
     if (qemuCaps && qemuCapsGet(qemuCaps, QEMU_CAPS_MIGRATE_QEMU_FD) &&
         (!compressor || pipe(pipeFD) == 0)) {
         /* All right! We can use fd migration, which means that qemu
-         * doesn't have to open() the file, so we don't have to futz
-         * around with granting access or revoking it later.  */
+         * doesn't have to open() the file, so while we still have to
+         * grant SELinux access, we can do it on fd and avoid cleanup
+         * later, as well as skip futzing with cgroup.  */
+        if (virSecurityManagerSetFDLabel(driver->securityManager, vm,
+                                         compressor ? pipeFD[1] : fd) < 0)
+            goto cleanup;
         is_reg = true;
         bypassSecurityDriver = true;
     } else {