NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Move image security metadata on snapshot activity

Browse Source 
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Michal Privoznik 2019-03-25 17:02:44 +01:00
parent 706e68237f
commit 3973d4dff1
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/qemu/qemu_blockjob.c
View File

@ -37,6 +37,7 @@
#include "locking/domain_lock.h" #include "locking/domain_lock.h"
#include "viralloc.h" #include "viralloc.h"
#include "virstring.h" #include "virstring.h"
#include "qemu_security.h"
#define VIR_FROM_THIS VIR_FROM_QEMU #define VIR_FROM_THIS VIR_FROM_QEMU
@ -275,6 +276,11 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
* want to only revoke the non-shared portion of the chain); so for * want to only revoke the non-shared portion of the chain); so for
* now, we leak the access to the original. */ * now, we leak the access to the original. */
virDomainLockImageDetach(driver->lockManager, vm, disk->src); virDomainLockImageDetach(driver->lockManager, vm, disk->src);
/* Move secret driver metadata */
if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mirror) < 0)
VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name);
virObjectUnref(disk->src); virObjectUnref(disk->src);
disk->src = disk->mirror; disk->src = disk->mirror;
} else { } else {

18
src/qemu/qemu_driver.c
View File

@ -15126,17 +15126,31 @@ qemuDomainSnapshotUpdateDiskSourcesRenumber(virStorageSourcePtr src)
/** /**
* qemuDomainSnapshotUpdateDiskSources: * qemuDomainSnapshotUpdateDiskSources:
* @driver: QEMU driver
* @vm: domain object
* @dd: snapshot disk data object * @dd: snapshot disk data object
* *
* Updates disk definition after a successful snapshot. * Updates disk definition after a successful snapshot.
*/ */
static void static void
qemuDomainSnapshotUpdateDiskSources(qemuDomainSnapshotDiskDataPtr dd) qemuDomainSnapshotUpdateDiskSources(virQEMUDriverPtr driver,
virDomainObjPtr vm,
qemuDomainSnapshotDiskDataPtr dd)
{ {
if (!dd->src) {
/* Remove old metadata */
if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, NULL) < 0)
VIR_WARN("Unable to remove disk metadata on vm %s", vm->def->name);
return;
}
/* storage driver access won'd be needed */ /* storage driver access won'd be needed */
if (dd->initialized) if (dd->initialized)
virStorageFileDeinit(dd->src); virStorageFileDeinit(dd->src);
if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, dd->src) < 0)
VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name);
/* the old disk image is now readonly */ /* the old disk image is now readonly */
dd->disk->src->readonly = true; dd->disk->src->readonly = true;
@ -15246,7 +15260,7 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr driver,
virDomainAuditDisk(vm, dd->disk->src, dd->src, "snapshot", rc >= 0); virDomainAuditDisk(vm, dd->disk->src, dd->src, "snapshot", rc >= 0);
if (rc == 0) if (rc == 0)
qemuDomainSnapshotUpdateDiskSources(dd); qemuDomainSnapshotUpdateDiskSources(driver, vm, dd);
} }
if (rc < 0) if (rc < 0)