From 06e788e518c7fb326857bbbf3bea8e7e59e5f875 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 11 Mar 2014 15:14:26 +0000
Subject: [PATCH] Fix sec label setup when attaching to QEMU processes

When attaching to a QEMU process, the def->seclabels array is
going to be empty. The qemuProcessAttach method must thus
populate it with data for the security drivers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/qemu/qemu_process.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1f008409a0..04c45d6ba9 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4479,6 +4479,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
     virDomainPausedReason reason;
     virSecurityLabelPtr seclabel = NULL;
     virSecurityLabelDefPtr seclabeldef = NULL;
+    bool seclabelgen = false;
     virSecurityManagerPtr* sec_managers = NULL;
     const char *model;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
@@ -4529,10 +4530,14 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         goto error;
 
     for (i = 0; sec_managers[i]; i++) {
+        seclabelgen = false;
         model = virSecurityManagerGetModel(sec_managers[i]);
         seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
-        if (seclabeldef == NULL)
-            goto error;
+        if (seclabeldef == NULL) {
+            if (!(seclabeldef = virDomainDefGenSecurityLabelDef(model)))
+                goto error;
+            seclabelgen = true;
+        }
         seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC;
         if (VIR_ALLOC(seclabel) < 0)
             goto error;
@@ -4546,6 +4551,12 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         if (VIR_STRDUP(seclabeldef->label, seclabel->label) < 0)
             goto error;
         VIR_FREE(seclabel);
+
+        if (seclabelgen) {
+            if (VIR_APPEND_ELEMENT(vm->def->seclabels, vm->def->nseclabels, seclabeldef) < 0)
+                goto error;
+            seclabelgen = false;
+        }
     }
 
     VIR_DEBUG("Creating domain log file");
@@ -4692,6 +4703,8 @@ error:
     VIR_FORCE_CLOSE(logfile);
     VIR_FREE(seclabel);
     VIR_FREE(sec_managers);
+    if (seclabelgen)
+        virSecurityLabelDefFree(seclabeldef);
     virDomainChrSourceDefFree(monConfig);
     virObjectUnref(cfg);
     virObjectUnref(caps);
-- 
2.47.2