|
 |
43fe83 |
From 519a408e23e7a6bb55d5ef459d107d3869f7b2f8 Mon Sep 17 00:00:00 2001
|
|
|
43fe83 |
Message-Id: <519a408e23e7a6bb55d5ef459d107d3869f7b2f8.1377873642.git.jdenemar@redhat.com>
|
|
|
43fe83 |
From: Eric Blake <eblake@redhat.com>
|
|
|
43fe83 |
Date: Wed, 21 Aug 2013 08:16:48 -0600
|
|
|
43fe83 |
Subject: [PATCH] migration: do not restore labels on failed migration
|
|
|
43fe83 |
|
|
|
43fe83 |
7.0: https://bugzilla.redhat.com/show_bug.cgi?id=822052
|
|
|
43fe83 |
6.5: https://bugzilla.redhat.com/show_bug.cgi?id=895826
|
|
|
43fe83 |
|
|
|
43fe83 |
When doing a live migration, if the destination fails for any
|
|
|
43fe83 |
reason after the point in which files should be labeled, then
|
|
|
43fe83 |
the cleanup of the destination would restore the labels to their
|
|
|
43fe83 |
defaults, even though the source is still trying to continue
|
|
|
43fe83 |
running with the image open. Bug 822052 mentioned one source
|
|
|
43fe83 |
of live migration failure - a mismatch in SELinux virt_use_nfs
|
|
|
43fe83 |
settings (on for source, off for destination); but I found other
|
|
|
43fe83 |
situations that would also trigger it (for example, having a
|
|
|
43fe83 |
graphics device tied to port 5999 on the source, and a different
|
|
|
43fe83 |
domain on the destination already using that port, so that the
|
|
|
43fe83 |
destination cannot reuse the port).
|
|
|
43fe83 |
|
|
|
43fe83 |
In short, just as cleanup of the source on a successful migration
|
|
|
43fe83 |
must not relabel files (because the destination would be crippled
|
|
|
43fe83 |
by the relabel), cleanup of the destination on a failed migration
|
|
|
43fe83 |
must not relabel files (because the source would be crippled).
|
|
|
43fe83 |
|
|
|
43fe83 |
* src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid
|
|
|
43fe83 |
label restoration when cleaning up on failed migration.
|
|
|
43fe83 |
|
|
|
43fe83 |
Signed-off-by: Eric Blake <eblake@redhat.com>
|
|
|
43fe83 |
(cherry picked from commit e4ddcf09fb3efa4c5014e0c3259a05beb0f719a8)
|
|
|
43fe83 |
---
|
|
|
43fe83 |
src/qemu/qemu_process.c | 4 ++++
|
|
|
43fe83 |
1 file changed, 4 insertions(+)
|
|
|
43fe83 |
|
|
|
43fe83 |
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
|
43fe83 |
index 6a28356..1d8df58 100644
|
|
|
43fe83 |
--- a/src/qemu/qemu_process.c
|
|
|
43fe83 |
+++ b/src/qemu/qemu_process.c
|
|
|
43fe83 |
@@ -3467,6 +3467,10 @@ int qemuProcessStart(virConnectPtr conn,
|
|
|
43fe83 |
* restore any security label as we would overwrite labels
|
|
|
43fe83 |
* we did not set. */
|
|
|
43fe83 |
stop_flags = VIR_QEMU_PROCESS_STOP_NO_RELABEL;
|
|
|
43fe83 |
+ /* If we fail while doing incoming migration, then we must not
|
|
|
43fe83 |
+ * relabel, as the source is still using the files. */
|
|
|
43fe83 |
+ if (migrateFrom)
|
|
|
43fe83 |
+ stop_flags |= VIR_QEMU_PROCESS_STOP_MIGRATED;
|
|
|
43fe83 |
|
|
|
43fe83 |
hookData.conn = conn;
|
|
|
43fe83 |
hookData.vm = vm;
|
|
|
43fe83 |
--
|
|
|
43fe83 |
1.8.3.2
|
|
|
43fe83 |
|