[PATCH v2 00/10] qemu: Fix image labels lost after migration with shared fs

Peng Liang posted 10 patches 1 week, 4 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20211011120048.243696-1-liangpeng10@huawei.com
src/libvirt_private.syms        |  1 +
src/qemu/qemu_migration.c       | 12 +++++++
src/qemu/qemu_process.c         |  5 ++-
src/qemu/qemu_security.c        | 10 ++++++
src/qemu/qemu_security.h        |  5 +++
src/security/security_dac.c     | 58 ++++++++++++++++++++++++--------
src/security/security_driver.h  |  5 +++
src/security/security_manager.c | 29 ++++++++++++++++
src/security/security_manager.h |  5 +++
src/security/security_selinux.c | 59 +++++++++++++++++++++++++--------
src/security/security_stack.c   | 20 +++++++++++
src/security/security_util.c    | 32 ++++++++++++++++++
src/security/security_util.h    |  4 +++
13 files changed, 218 insertions(+), 27 deletions(-)

[PATCH v2 00/10] qemu: Fix image labels lost after migration with shared fs

Posted by Peng Liang 1 week, 4 days ago
This is v2 of:
https://listman.redhat.com/archives/libvir-list/2021-August/msg00698.html

When migrating using shared fs, the dst host will remember the image
labels again before launching the VM and the src host will remove the
image labels after migration.  It leads to that the image labels lost
after migration.

Patch 8-10 are the real fix patches.

v1 -> v2:
1. fix check of virFileIsSharedFS in patch10 (patch9 in v1) [Michal]
2. add implementation of SELinux (patch5, 7, 8) [Michal]

Peng Liang (10):
  security: add virSecurityUpdateTimestampIfexists
  security: add virSecurityManagerUpdateImageLabel
  security: implement domainUpdateSecurityImageLabel for stack
  security: implement domainUpdateSecurityImageLabel for DAC
  security: implement domainUpdateSecurityImageLabel for SELinux
  qemu: add qemuSecurityUpdateImageLabel
  security: rename 2 functions in DAC and SELinux
  security: don't remember image labels when migrating with shared fs
  migration: don't remove image labels after migration
  migration: update image labels in dst after migration

 src/libvirt_private.syms        |  1 +
 src/qemu/qemu_migration.c       | 12 +++++++
 src/qemu/qemu_process.c         |  5 ++-
 src/qemu/qemu_security.c        | 10 ++++++
 src/qemu/qemu_security.h        |  5 +++
 src/security/security_dac.c     | 58 ++++++++++++++++++++++++--------
 src/security/security_driver.h  |  5 +++
 src/security/security_manager.c | 29 ++++++++++++++++
 src/security/security_manager.h |  5 +++
 src/security/security_selinux.c | 59 +++++++++++++++++++++++++--------
 src/security/security_stack.c   | 20 +++++++++++
 src/security/security_util.c    | 32 ++++++++++++++++++
 src/security/security_util.h    |  4 +++
 13 files changed, 218 insertions(+), 27 deletions(-)

-- 
2.31.1