[PATCH] selinux label: restore all labels when some labels fail to set

Jin Yan posted 1 patch 3 years, 4 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20201112042222.1489635-1-jinyan12@huawei.com
There is a newer version of this series
src/qemu/qemu_security.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
[PATCH] selinux label: restore all labels when some labels fail to set
Posted by Jin Yan 3 years, 4 months ago
When migration fails, qemuMigrationDstPrepareAny will call qemuProcessStop
to restore labels only after all labels are successfully set. If some labels
fail to set, the labels that have been set will not be restore.

Signed-off-by: Jin Yan <jinyan12@huawei.com>
---
 src/qemu/qemu_security.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3bda96272c..e4d5e13516 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -51,13 +51,20 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                                       incomingPath,
                                       priv->chardevStdioLogd,
                                       migrated) < 0)
-        goto cleanup;
+        goto restorelabel;
 
     if (virSecurityManagerTransactionCommit(driver->securityManager,
                                             pid, priv->rememberOwner) < 0)
-        goto cleanup;
+        goto restorelabel;
 
     ret = 0;
+
+ restorelabel:
+    virSecurityManagerRestoreAllLabel(driver->securityManager,
+                                      vm->def,
+                                      migrated,
+                                      priv->chardevStdioLogd);
+
  cleanup:
     virSecurityManagerTransactionAbort(driver->securityManager);
     return ret;
-- 
2.23.0