From: Guannan Ren <gren@redhat.com>
Date: Fri, 19 Oct 2012 08:44:30 +0000 (+0800)
Subject: selinux: relabel tapfd in qemuPhysIfaceConnect
X-Git-Tag: v0.10.2.1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cefa64cafd63c4426ddb5cbc9ca360a432d46022;p=thirdparty%2Flibvirt.git

selinux: relabel tapfd in qemuPhysIfaceConnect

Relabeling tapfd right after the tap device is created.
qemuPhysIfaceConnect is common function called both for static
netdevs and for hotplug netdevs.
(cherry picked from commit 4492ef7f485a7d42d84a714d2150e648b11e2740)
---

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d2288575be..755f8278de 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -170,12 +170,26 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
         vmop, driver->stateDir,
         virDomainNetGetActualBandwidth(net));
     if (rc >= 0) {
+        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
+                                            def, rc) < 0)
+            goto error;
+
         virDomainAuditNetDevice(def, net, res_ifname, true);
         VIR_FREE(net->ifname);
         net->ifname = res_ifname;
     }
 
     return rc;
+
+error:
+    ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+                     res_ifname, &net->mac,
+                     virDomainNetGetActualDirectDev(net),
+                     virDomainNetGetActualDirectMode(net),
+                     virDomainNetGetActualVirtPortProfile(net),
+                     driver->stateDir));
+    VIR_FREE(res_ifname);
+    return -1;
 }
 
 
@@ -5474,10 +5488,6 @@ qemuBuildCommandLine(virConnectPtr conn,
                 if (tapfd < 0)
                     goto error;
 
-                if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                                    def, tapfd) < 0)
-                    goto error;
-
                 last_good_net = i;
                 virCommandTransferFD(cmd, tapfd);