Commit - virt-ark/libvirt - b0c6300fc42bbc3e5eb0b236392f7344581c5810

virt-ark / libvirt

`b0c6300` qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels

Authored and Committed by berrange 5 years ago

raw patch tree parent

3 files changed. 63 lines added. 26 lines removed.

src/qemu/qemu_command.c

file modified

+60 -26

src/qemu/qemu_command.h

file modified

+1 -0

src/qemu/qemu_process.c

file modified

+2 -0

    qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels
    
    The UNIX socket FDs were we passing to QEMU inherited a label based on
    libvirtd's context. QEMU is thus denied ability to access the UNIX
    socket. We need to use the security manager to change our current
    context temporarily when creating the UNIX socket FD.
    
    Reviewed-by: Laine Stump <laine@laine.org>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

src/qemu/qemu_command.c

file modified

+60 -26

src/qemu/qemu_command.h

file modified

+1 -0

src/qemu/qemu_process.c

file modified

+2 -0

virt-ark / libvirt

Source Code

b0c6300 qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels

Authored and Committed by berrange 5 years ago

`b0c6300` qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels