From fb0b9a2cc50fb7a52eb4afea8ea48e39db74e45b Mon Sep 17 00:00:00 2001
From: Erik Skultety
Date: Tue, 5 May 2015 13:24:41 +0200
Subject: [PATCH] qemu: Log error if domain uses security driver which is not loaded
When starting a domain, if a domain specifies security drivers we do not have loaded, we fail. However we don't check for this during reconnect, so any operation relying on security driver functionality would fail. If someone e.g. starts a domain with selinux driver loaded, then they change the security driver to 'none' in config, restart the daemon and call dump/save/.., QEMU will return an error. As we shouldn't kill the domain, we should at least log an error to let the user know that domain reconnect wasn't completely clean. https://bugzilla.redhat.com/show_bug.cgi?id=1183893
---
 src/qemu/qemu_process.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 118fc52457..d8bc495e7c 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3749,6 +3749,12 @@ qemuProcessReconnect(void *opaque)
 if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps, obj)) < 0)
 goto error;
+ /* if domain requests security driver we haven't loaded, report error, but
+ * do not kill the domain
+ */
+ ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager,
+ obj->def));
+
 if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
 goto error;
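Review bot: The result of `virSecurityManagerCheckAllLabel()` in the added block is thrown away with `ignore_value()`, so a domain whose security driver is no longer loaded is reconnected with only a log line, and `virSecurityManagerReserveLabel()` then runs on the same definition. The comment should state what that leaves behind, for example `/* Mismatch is only logged: the domain keeps running, but operations that need the security driver (save, dump, ...) will fail while it is not loaded. */`. If the check reports through the usual error path, the error it raised presumably stays set for the rest of the function; consider calling `virResetLastError()` right after it so a later failure is not reported with the stale message. `qemuProcessReconnect` begins and ends outside the hunk, so what the `error` label does to the domain cannot be confirmed from here.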