From f8c1fb3d2e38f181912544e956af068acde0e900 Mon Sep 17 00:00:00 2001 From: Luyao Huang Date: Mon, 1 Dec 2014 17:54:35 +0800 Subject: [PATCH] qemu: Make pid available for security managers in qemuProcessAttach There are some small issue in qemuProcessAttach: 1.Fix virSecurityManagerGetProcessLabel always get pid = 0, move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel. 2.Use virSecurityManagerGenLabel to get image label. 3.Fix always set selinux label for other security driver label. Signed-off-by: Luyao Huang --- src/qemu/qemu_process.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 049cfe965e..08d6b7cfbd 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5256,6 +5256,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, if (VIR_STRDUP(priv->pidfile, pidfile) < 0) goto error; + vm->pid = pid; + VIR_DEBUG("Detect security driver config"); sec_managers = virSecurityManagerGetNested(driver->securityManager); if (sec_managers == NULL) @@ -5273,7 +5275,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC; if (VIR_ALLOC(seclabel) < 0) goto error; - if (virSecurityManagerGetProcessLabel(driver->securityManager, + if (virSecurityManagerGetProcessLabel(sec_managers[i], vm->def, vm->pid, seclabel) < 0) goto error; @@ -5291,6 +5293,9 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, } } + if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) + goto error; + VIR_DEBUG("Creating domain log file"); if ((logfile = qemuDomainCreateLog(driver, vm, false)) < 0) goto error; @@ -5335,8 +5340,6 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_EXTERNAL_LAUNCH, logfile); - vm->pid = pid; - VIR_DEBUG("Waiting for monitor to show up"); if (qemuProcessWaitForMonitor(driver, vm, QEMU_ASYNC_JOB_NONE, priv->qemuCaps, -1) < 0) goto error; -- 2.39.5