qemu: hotplug: Detect disk backing images before setting up security access

The VM will require access also to the detected images. Unfortunately a
recent reordering of the code introduced a bug where the backing chain
was probed after setting up cgroups/selinux/namespaces, which caused
that any detected images were not allowed/added and qemu was then not
able to use them.

Fixes: 9b8bb536ff999fa61e41869bd98a026b8e23378f
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index f197a9d5ffc83632aa21172c7e02d39e419c31c7..4e2fc724c03a01d3d7197f52d1f7a828dfc1cee9 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1001,17 +1001,17 @@ qemuDomainAttachDeviceDiskLiveInternal(virQEMUDriver *driver,
         goto cleanup;
 
     if (!virStorageSourceIsEmpty(disk->src)) {
-        if (qemuDomainStorageSourceChainAccessAllow(driver, vm, disk->src) < 0)
-            goto cleanup;
-
-        releaseSeclabel = true;
-
         if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0)
             goto cleanup;
 
         if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL) < 0)
             goto cleanup;
 
+        if (qemuDomainStorageSourceChainAccessAllow(driver, vm, disk->src) < 0)
+            goto cleanup;
+
+        releaseSeclabel = true;
+
         if (qemuProcessPrepareHostStorageDisk(vm, disk) < 0)
             goto cleanup;