From nobody Sat Apr 27 15:22:37 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 63.128.21.124 as permitted sender) client-ip=63.128.21.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1605156705; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LMTj/+3xQKNlKvNCca9iozZp3MLI2g/WXtNJ9TLyY8hQ+95SVtsBsb7awjgj7t8GTizsBdwplMyyv8tbIMuA4N6q9GLo6ngNoI0zHDie5dEQw+OOqMNxrM/nb+cX8NhghIyef5TWYqVbH+u9lTHMNj2RcH3lV5KJjjPIZoQH9ik=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1605156705;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=oi87p4B7/91eOQ6d0ahjsqY3sgfPx1lVNrHvsZAgBYE=;
	b=IxJfpaqTZwFpKe2ZXjOrcY9O0OAUvVDIu4ufGxH+fgh194hq5oxCgqv+y9cd1zKaspd1AloQCK51jO2MDjx4jn0lgMnbPrFnhJIX2KZ+NS9LGsb+/FxG3x+PogxX2puaB2kAdWA+JsVPMs9Pbr+hz+H6Y2haqk84NJ1ypQj21Vg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com
	with SMTPS id 160515670509273.98765827076522;
 Wed, 11 Nov 2020 20:51:45 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-410-vxImaCvLM2WRHP0W5-Ccow-1; Wed, 11 Nov 2020 23:51:41 -0500
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DDC061006C97;
	Thu, 12 Nov 2020 04:51:33 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8FF422C31E;
	Thu, 12 Nov 2020 04:51:32 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 009D4180B658;
	Thu, 12 Nov 2020 04:51:26 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 0AC4pOU2016633 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 11 Nov 2020 23:51:24 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 3CEB3202279B; Thu, 12 Nov 2020 04:51:24 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 381EA2022791
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 04:51:22 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EBA17800969
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 04:51:21 +0000 (UTC)
Received: from szxga05-in.huawei.com (szxga05-in.huawei.com
	[45.249.212.191]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-276-dQRcrXF5M2WntAhD2qNQFw-1; Wed, 11 Nov 2020 23:51:19 -0500
Received: from DGGEMS402-HUB.china.huawei.com (unknown [172.30.72.60])
	by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4CWpd6234XzhkB6
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 12:33:30 +0800 (CST)
Received: from huawei.com (10.175.101.6) by DGGEMS402-HUB.china.huawei.com
	(10.3.19.202) with Microsoft SMTP Server id 14.3.487.0; Thu, 12 Nov 2020
	12:33:31 +0800
X-MC-Unique: vxImaCvLM2WRHP0W5-Ccow-1
X-MC-Unique: dQRcrXF5M2WntAhD2qNQFw-1
From: Jin Yan <jinyan12@huawei.com>
To: <libvir-list@redhat.com>
Subject: [PATCH] selinux label: restore all labels when some labels fail to
 set
Date: Thu, 12 Nov 2020 12:22:22 +0800
Message-ID: <20201112042222.1489635-1-jinyan12@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.175.101.6]
X-CFilter-Loop: Reflected
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-MIME-Autoconverted: from quoted-printable to 8bit by
	lists01.pubmisc.prod.ext.phx2.redhat.com id 0AC4pOU2016633
X-loop: libvir-list@redhat.com
Cc: alex.chen@huawei.com, zhengchuan@huawei.com, jinyan12@huawei.com,
	oscar.zhangbo@huawei.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When migration fails, qemuMigrationDstPrepareAny will call qemuProcessStop
to restore labels only after all labels are successfully set. If some labels
fail to set, the labels that have been set will not be restore.

Signed-off-by: Jin Yan <jinyan12@huawei.com>
---
 src/qemu/qemu_security.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3bda96272c..e4d5e13516 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -51,13 +51,20 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                                       incomingPath,
                                       priv->chardevStdioLogd,
                                       migrated) < 0)
-        goto cleanup;
+        goto restorelabel;
=20
     if (virSecurityManagerTransactionCommit(driver->securityManager,
                                             pid, priv->rememberOwner) < 0)
-        goto cleanup;
+        goto restorelabel;
=20
     ret =3D 0;
+
+ restorelabel:
+    virSecurityManagerRestoreAllLabel(driver->securityManager,
+                                      vm->def,
+                                      migrated,
+                                      priv->chardevStdioLogd);
+
  cleanup:
     virSecurityManagerTransactionAbort(driver->securityManager);
     return ret;
--=20
2.23.0