From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 23 Nov 2023 13:07:48 +0000 (+0100)
Subject: qemu: hotplug: Detect disk backing images before setting up security access
X-Git-Tag: v9.10.0-rc1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94f1883c8993a14eb2c9b93048e326665c9f3826;p=thirdparty%2Flibvirt.git

qemu: hotplug: Detect disk backing images before setting up security access

The VM will require access also to the detected images. Unfortunately a
recent reordering of the code introduced a bug where the backing chain
was probed after setting up cgroups/selinux/namespaces, which caused
that any detected images were not allowed/added and qemu was then not
able to use them.

Fixes: 9b8bb536ff999fa61e41869bd98a026b8e23378f
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index f197a9d5ff..4e2fc724c0 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1001,17 +1001,17 @@ qemuDomainAttachDeviceDiskLiveInternal(virQEMUDriver *driver,
         goto cleanup;
 
     if (!virStorageSourceIsEmpty(disk->src)) {
-        if (qemuDomainStorageSourceChainAccessAllow(driver, vm, disk->src) < 0)
-            goto cleanup;
-
-        releaseSeclabel = true;
-
         if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0)
             goto cleanup;
 
         if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL) < 0)
             goto cleanup;
 
+        if (qemuDomainStorageSourceChainAccessAllow(driver, vm, disk->src) < 0)
+            goto cleanup;
+
+        releaseSeclabel = true;
+
         if (qemuProcessPrepareHostStorageDisk(vm, disk) < 0)
             goto cleanup;