43fe83
From 2b2f4867f47391a4b9e608d08db63b0fb4b70c14 Mon Sep 17 00:00:00 2001
43fe83
Message-Id: <2b2f4867f47391a4b9e608d08db63b0fb4b70c14.1377873641.git.jdenemar@redhat.com>
43fe83
From: "Daniel P. Berrange" <berrange@redhat.com>
43fe83
Date: Fri, 30 Aug 2013 11:14:46 +0100
43fe83
Subject: [PATCH] Set security label on FD for virDomainOpenGraphics
43fe83
43fe83
For
43fe83
43fe83
  https://bugzilla.redhat.com/show_bug.cgi?id=999925
43fe83
43fe83
The virDomainOpenGraphics method accepts a UNIX socket FD from
43fe83
the client app. It must set the label on this FD otherwise QEMU
43fe83
will be prevented from receiving it with recvmsg.
43fe83
43fe83
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
43fe83
(cherry picked from commit b6b94374b3bf6b44633ee99a68868141b6cd9ed8)
43fe83
---
43fe83
 src/qemu/qemu_driver.c | 4 ++++
43fe83
 1 file changed, 4 insertions(+)
43fe83
43fe83
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
43fe83
index 5634abf..99cce90 100644
43fe83
--- a/src/qemu/qemu_driver.c
43fe83
+++ b/src/qemu/qemu_driver.c
43fe83
@@ -14841,6 +14841,10 @@ qemuDomainOpenGraphics(virDomainPtr dom,
43fe83
         goto cleanup;
43fe83
     }
43fe83
 
43fe83
+    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
43fe83
+                                          fd) < 0)
43fe83
+        goto cleanup;
43fe83
+
43fe83
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
43fe83
         goto cleanup;
43fe83
     qemuDomainObjEnterMonitor(driver, vm);
43fe83
-- 
43fe83
1.8.3.2
43fe83