qemu_security: Use more transactions

author Michal Privoznik <mprivozn@redhat.com>

Wed, 18 Jan 2017 08:50:14 +0000 (09:50 +0100)

committer Michal Privoznik <mprivozn@redhat.com>

Tue, 7 Feb 2017 09:40:53 +0000 (10:40 +0100)
author Michal Privoznik <mprivozn@redhat.com>
Wed, 18 Jan 2017 08:50:14 +0000 (09:50 +0100)
committer Michal Privoznik <mprivozn@redhat.com>
Tue, 7 Feb 2017 09:40:53 +0000 (10:40 +0100)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c

index 13d99cdbd4272c89933b31d4dfc9ce0caca711ce..35cdf50b09c67300061abcf73f3f4f057d0e073b 100644 (file)
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -90,14 +90,26 @@ qemuSecuritySetDiskLabel(virQEMUDriverPtr driver,
                           virDomainObjPtr vm,
                           virDomainDiskDefPtr disk)
  {
-    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
-        /* Already handled by namespace code. */
-        return 0;
-    }
+    int ret = -1;
  
-    return virSecurityManagerSetDiskLabel(driver->securityManager,
-                                          vm->def,
-                                          disk);
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerSetDiskLabel(driver->securityManager,
+                                       vm->def,
+                                       disk) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
  }
  
  
@@ -106,14 +118,26 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
                               virDomainDiskDefPtr disk)
  {
-    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
-        /* Already handled by namespace code. */
-        return 0;
-    }
+    int ret = -1;
  
-    return virSecurityManagerRestoreDiskLabel(driver->securityManager,
-                                              vm->def,
-                                              disk);
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerRestoreDiskLabel(driver->securityManager,
+                                           vm->def,
+                                           disk) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
  }
  
  
@@ -122,15 +146,27 @@ qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
                              virDomainObjPtr vm,
                              virDomainHostdevDefPtr hostdev)
  {
-    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
-        /* Already handled by namespace code. */
-        return 0;
-    }
-
-    return virSecurityManagerSetHostdevLabel(driver->securityManager,
-                                             vm->def,
-                                             hostdev,
-                                             NULL);
+    int ret = -1;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
+                                          vm->def,
+                                          hostdev,
+                                          NULL) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
  }
  
  
@@ -139,13 +175,25 @@ qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver,
                                  virDomainObjPtr vm,
                                  virDomainHostdevDefPtr hostdev)
  {
-    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
-        /* Already handled by namespace code. */
-        return 0;
-    }
-
-    return virSecurityManagerRestoreHostdevLabel(driver->securityManager,
-                                                 vm->def,
-                                                 hostdev,
-                                                 NULL);
+    int ret = -1;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
+                                              vm->def,
+                                              hostdev,
+                                              NULL) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
  }
author	Michal Privoznik <mprivozn@redhat.com>
	Wed, 18 Jan 2017 08:50:14 +0000 (09:50 +0100)
committer	Michal Privoznik <mprivozn@redhat.com>
	Tue, 7 Feb 2017 09:40:53 +0000 (10:40 +0100)