From nobody Sun Apr 28 21:36:54 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1605190731; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Mu3StX34xaeniT7N9TFCBph1SZ+R4S2C8CRTHYR3wfNqgzLA0EazOtrhGmtRs4xUUo8KuOKnVhf3wD7Rxhbk11iBEoTMgd7Pc2eba9OGbQANYLBm79UIqFV2N7aEmNFAfwkBFspLbIgw43R2mOw3J12yY4nK5fUbGYj6bwZIntY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1605190731;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=9gpSp1XX1YIgW0V3WdyC6LZkv4Z4SEGOdX7KN633Tc8=;
	b=SzV6GMBlD124M1jaavqodoQIYOk/rkWRwHepysUWW4Hb8Lr8lG2AnujQHG7YKcR16WZ1w2ZEggA1QiUhcCVQr+/uf+uWmC2I9Pif349hx6zwXuz3FfgZAbXE38odrKOAkxOtDWLzObCXlv7pnepee4+O5nIgInC+yYwOKCvel+E=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1605190731207716.276427922752;
 Thu, 12 Nov 2020 06:18:51 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-281-EgWRcJlhOQilTiAs4CkBUQ-1; Thu, 12 Nov 2020 09:18:47 -0500
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C68971882FB7;
	Thu, 12 Nov 2020 14:18:40 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id A5D065D9E8;
	Thu, 12 Nov 2020 14:18:40 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 47AF8181A06B;
	Thu, 12 Nov 2020 14:18:40 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 0ACEIdPd017502 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 12 Nov 2020 09:18:39 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id E14E310073DE; Thu, 12 Nov 2020 14:18:38 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D8F4710CD918
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 14:18:36 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7D2AA85829F
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 14:18:36 +0000 (UTC)
Received: from szxga05-in.huawei.com (szxga05-in.huawei.com
	[45.249.212.191]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-172-yBdENvraPA2kU9xuockbJQ-1; Thu, 12 Nov 2020 09:18:32 -0500
Received: from DGGEMS405-HUB.china.huawei.com (unknown [172.30.72.58])
	by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4CX3bm5NyKzLwtw
	for <libvir-list@redhat.com>; Thu, 12 Nov 2020 22:18:12 +0800 (CST)
Received: from huawei.com (10.175.101.6) by DGGEMS405-HUB.china.huawei.com
	(10.3.19.205) with Microsoft SMTP Server id 14.3.487.0; Thu, 12 Nov 2020
	22:18:17 +0800
X-MC-Unique: EgWRcJlhOQilTiAs4CkBUQ-1
X-MC-Unique: yBdENvraPA2kU9xuockbJQ-1
From: Jin Yan <jinyan12@huawei.com>
To: <libvir-list@redhat.com>
Subject: [PATCH v2] selinux label: restore all labels when some labels fail to
	set
Date: Thu, 12 Nov 2020 22:07:07 +0800
Message-ID: <20201112140707.164131-1-jinyan12@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.175.101.6]
X-CFilter-Loop: Reflected
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-MIME-Autoconverted: from quoted-printable to 8bit by
	lists01.pubmisc.prod.ext.phx2.redhat.com id 0ACEIdPd017502
X-loop: libvir-list@redhat.com
Cc: alex.chen@huawei.com, zhengchuan@huawei.com, jinyan12@huawei.com,
	oscar.zhangbo@huawei.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When migration fails, qemuMigrationDstPrepareAny will call qemuProcessStop
to restore labels only after all labels are successfully set. If some labels
fail to set, the labels that have been set will not be restored.

Signed-off-by: Jin Yan <jinyan12@huawei.com>
---
 src/qemu/qemu_security.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3bda96272c..0cb90c840a 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -51,16 +51,24 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                                       incomingPath,
                                       priv->chardevStdioLogd,
                                       migrated) < 0)
-        goto cleanup;
+        goto restorelabel;
=20
     if (virSecurityManagerTransactionCommit(driver->securityManager,
                                             pid, priv->rememberOwner) < 0)
-        goto cleanup;
+        goto restorelabel;
=20
     ret =3D 0;
+
  cleanup:
     virSecurityManagerTransactionAbort(driver->securityManager);
     return ret;
+
+ restorelabel:
+    virSecurityManagerRestoreAllLabel(driver->securityManager,
+                                      vm->def,
+                                      migrated,
+                                      priv->chardevStdioLogd);
+    goto cleanup;
 }
=20
=20
--=20
2.23.0