From: Peng Liang
Subject: [PATCH 7/9] migration: don't remember image labels when migrating with shared fs
Date: Mon, 23 Aug 2021 10:41:18 +0800
Message-ID: <20210823024120.1167139-8-liangpeng10@huawei.com>
In-Reply-To: <20210823024120.1167139-1-liangpeng10@huawei.com>
References: <20210823024120.1167139-1-liangpeng10@huawei.com>
Cc: yubihong@huawei.com, liangpeng10@huawei.com, xiexiangyou@huawei.com
List-Id: Development discussions about the libvirt library & tools

When migrating with shared fs, the image labels have been remembered and the ownership of the image has been set in the src host.
If the dst host remembers the ownership of the image again, the ownership of the image remembered in the src host (the origin ownership) will be lost.

Signed-off-by: Peng Liang
--- src/security/security_dac.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index b16552b2559e..bd342fd20312 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -867,7 +867,8 @@ virSecurityDACSetImageLabelSingle(virSecurityManager *m= gr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - bool isChainTop) + bool isChainTop, + bool migrated) { virSecurityLabelDef *secdef; virSecurityDeviceLabelDef *disk_seclabel; @@ -931,7 +932,8 @@ virSecurityDACSetImageLabelSingle(virSecurityManager *m= gr, * but the top layer, or read only image, or disk explicitly * marked as shared. */ - remember =3D isChainTop && !src->readonly && !src->shared; + remember =3D isChainTop && !src->readonly && !src->shared && + !(migrated && virFileIsSharedFS(src->path) > 0); =20 return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remembe= r); } @@ -942,14 +944,15 @@ virSecurityDACSetImageLabelRelative(virSecurityManage= r *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - virSecurityDomainImageLabelFlags flags) + virSecurityDomainImageLabelFlags flags, + bool migrated) { virStorageSource *n; =20 for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecurityDACSetImageLabelSingle(mgr, def, n, parent, isChain= Top) < 0) + if (virSecurityDACSetImageLabelSingle(mgr, def, n, parent, isChain= Top, migrated) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) 
@@ -961,13 +964,23 @@ virSecurityDACSetImageLabelRelative(virSecurityManage= r *mgr, return 0; } =20 +static int +virSecurityDACSetImageLabelInt(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags, + bool migrated) +{ + return virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags, = migrated); +} + static int virSecurityDACSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, virSecurityDomainImageLabelFlags flags) { - return virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags); + return virSecurityDACSetImageLabelInt(mgr, def, src, flags, false); } =20 static int @@ -2116,7 +2129,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, virDomainDef *def, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, - bool migrated G_GNUC_UNUSED) + bool migrated) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *secdef; @@ -2138,9 +2151,10 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, /* XXX fixme - we need to recursively label the entire tree :-( */ if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; - if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, - VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | - VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) + if (virSecurityDACSetImageLabelInt(mgr, def, def->disks[i]->src, + VIR_SECURITY_DOMAIN_IMAGE_LABEL= _BACKING_CHAIN | + VIR_SECURITY_DOMAIN_IMAGE_PAREN= T_CHAIN_TOP, + migrated) < 0) return -1; } =20 --=20 2.31.1
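Review bot: In the `@@ -931,7 +932,8 @@` hunk, `virFileIsSharedFS(src->path) > 0` folds a negative (error) return into the "not shared" case, so a failed check silently falls back to remembering the label on the destination, which is exactly the situation the commit message says loses the original ownership. Handle the `< 0` result explicitly before computing `remember`, and confirm that `src->path` is a local file path at this point, since nothing visible in the hunk guards against a non-file source. The comment above the assignment still lists only the top layer, read-only and shared cases, so it should also name the migrated-on-shared-fs exception.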
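Review bot: In the `@@ -942,14 +944,15 @@` hunk, `virSecurityDACSetImageLabelRelative` already receives `virSecurityDomainImageLabelFlags flags` and derives `isChainTop` from it inside the loop, so threading a separate `bool migrated` alongside it leaves `virSecurityDACSetImageLabelSingle` with two adjacent bool arguments that are easy to transpose at a call site. Consider carrying the migration state as an additional flag bit and deriving it next to `isChainTop`, which would avoid the signature changes in this and the previous hunk.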
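Review bot: In the `@@ -961,13 +964,23 @@` hunk, the new `virSecurityDACSetImageLabelInt` has no comment saying what `migrated` means or which callers may pass true, and the `Int` suffix does not convey it. Because `virSecurityDACSetImageLabel` now hardcodes `false`, any image labelled through that entry point for an incoming migration still remembers its label; a short doc comment stating that this is intentional, or why that path cannot be reached during migration, would make the asymmetry with `virSecurityDACSetAllLabel` reviewable.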