int i;
char *nodeset = NULL;
char *nodemask = NULL;
+ unsigned int stop_flags;
/* Okay, these are just internal flags,
* but doesn't hurt to check */
VIR_QEMU_PROCESS_START_PAUSED |
VIR_QEMU_PROCESS_START_AUTODESROY, -1);
+ /* From now on until domain security labeling is done:
+ * if any operation fails and we goto cleanup, we must not
+ * restore any security label as we would overwrite labels
+ * we did not set. */
+ stop_flags = VIR_QEMU_PROCESS_STOP_NO_RELABEL;
+
hookData.conn = conn;
hookData.vm = vm;
hookData.driver = driver;
vm->def, stdin_path) < 0)
goto cleanup;
+ /* Security manager labeled all devices, therefore
+ * if any operation from now on fails and we goto cleanup,
+ * where virSecurityManagerRestoreAllLabel() is called
+ * (hidden under qemuProcessStop) we need to restore labels. */
+ stop_flags &= ~VIR_QEMU_PROCESS_STOP_NO_RELABEL;
+
if (stdin_fd != -1) {
/* if there's an fd to migrate from, and it's a pipe, put the
* proper security label on it
VIR_FREE(nodemask);
virCommandFree(cmd);
VIR_FORCE_CLOSE(logfile);
- qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, 0);
+ qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, stop_flags);
return -1;
}
VIR_FREE(xml);
}
- /* Reset Security Labels */
- virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm->def,
- flags & VIR_QEMU_PROCESS_STOP_MIGRATED);
+ /* Reset Security Labels unless caller don't want us to */
+ if (!(flags & VIR_QEMU_PROCESS_STOP_NO_RELABEL))
+ virSecurityManagerRestoreAllLabel(driver->securityManager,
+ vm->def,
+ flags & VIR_QEMU_PROCESS_STOP_MIGRATED);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
projects / thirdparty / libvirt.git / commitdiff
