When 'qemuSecurityRestoreAllLabel' is called on outgoing migration it
skips the actual relabeling part of the images in dac/selinux drivers in
order to avoid cutting off access to the image.
As shared filesystems don't really support the trusted XATTR groups,
remembering of security labels never worked on those paths so we never
actually had remembered seclabels for images that could be migrated.
With recent changes we now support migration from local storage to
remote in case the admin declares it as shared. This means that in case
when the VM is started on local storage we'd actually store seclabels,
but when migrating out the XATTRs remembering the seclabels would not
actually be unref'd and thus the seclabels would leak.
As we can't know whether a remote host will be able to use the XATTRs or
not (but really it won't) and at the same time the destination side of
migration will actually call 'qemuSecuritySetAllLabel' setting/refing
it's own seclabels we really need to unref them on our side.
This patch adds the appropriate *RecallLabel() calls on the code paths
in which relabelling is skipped due to migration.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
if (rc == 1) {
VIR_DEBUG("Skipping image label restore on %s because FS is shared",
src->path);
+
+ ignore_value(virSecurityDACRecallLabel(priv, src->path, NULL, NULL));
+
return 0;
}
}
}
if (rc == 1) {
+ g_autofree char *oldlabel = NULL;
+
VIR_DEBUG("Skipping image label restore on %s because FS is shared",
src->path);
+
+ /* We still want to remove the local reference of the remembered
+ * seclabel. The destination will take its own reference when
+ * starting the migrated VM */
+ ignore_value(virSecuritySELinuxRecallLabel(src->path, &oldlabel));
return 0;
}
}
projects / libvirt.git / commitdiff