From 2b2f4867f47391a4b9e608d08db63b0fb4b70c14 Mon Sep 17 00:00:00 2001
Message-Id: <2b2f4867f47391a4b9e608d08db63b0fb4b70c14.1377873641.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 30 Aug 2013 11:14:46 +0100
Subject: [PATCH] Set security label on FD for virDomainOpenGraphics

For

  https://bugzilla.redhat.com/show_bug.cgi?id=999925

The virDomainOpenGraphics method accepts a UNIX socket FD from
the client app. It must set the label on this FD otherwise QEMU
will be prevented from receiving it with recvmsg.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit b6b94374b3bf6b44633ee99a68868141b6cd9ed8)
---
 src/qemu/qemu_driver.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5634abf..99cce90 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14841,6 +14841,10 @@ qemuDomainOpenGraphics(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
+                                          fd) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
     qemuDomainObjEnterMonitor(driver, vm);
-- 
1.8.3.2