From a58e1cb40a86f438d82649d5a26f591e226bac29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 18 Dec 2014 15:42:06 +0100
Subject: [PATCH] Fix error when starting a container after an error
The typical case for the problem is starting a domain needing a network
that isn't started. Even after starting the network, we get an unknown error
when starting the container.
This is due to the dynamic security label not being removed.
---
src/lxc/lxc_process.c | 1 +
1 file changed, 1 insertion(+)
Index: libvirt-1.2.5/src/lxc/lxc_process.c
===================================================================
--- libvirt-1.2.5.orig/src/lxc/lxc_process.c
+++ libvirt-1.2.5/src/lxc/lxc_process.c
@@ -1031,6 +1031,7 @@ int virLXCProcessStart(virConnectPtr con
virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver);
virCgroupPtr selfcgroup;
int status;
+ bool clearSeclabel = false;
if (virCgroupNewSelf(&selfcgroup) < 0)
return -1;
@@ -1132,6 +1133,10 @@ int virLXCProcessStart(virConnectPtr con
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
+
+ clearSeclabel = vm->def->nseclabels == 0 ||
+ vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT;
+
if (vm->def->nseclabels &&
vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
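Review bot: The new `clearSeclabel` assignment records a decision that the failure path depends on roughly 260 lines later (the cleanup hunk at line 1392), yet it carries no comment, so a reader of that cleanup block cannot tell why a label that was absent or of type DEFAULT should be dropped. Suggest adding above the assignment `/* Remember whether the label was absent or DEFAULT before we touch it: on failure the cleanup path must drop it so the next start can generate a fresh one */`. Note that the flag is intentionally computed before the DEFAULT→NONE rewrite on the following lines, so these statements must keep their order; the comment should say so. virLXCProcessStart continues outside this hunk.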
@@ -1387,10 +1392,12 @@ int virLXCProcessStart(virConnectPtr con
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
if (vm->def->nseclabels &&
- vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+ (vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC ||
+ clearSeclabel)) {
VIR_FREE(vm->def->seclabels[0]->model);
VIR_FREE(vm->def->seclabels[0]->label);
VIR_FREE(vm->def->seclabels[0]->imagelabel);
+ VIR_DELETE_ELEMENT(vm->def->seclabels, 0, vm->def->nseclabels);
}
}
for (i = 0; i < nttyFDs; i++)
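Review bot: The added VIR_DELETE_ELEMENT removes the `seclabels[0]` pointer from the array, but as far as this hunk shows nothing frees the virSecurityLabelDef it points to — the three VIR_FREE calls release only its strings — so each failed start appears to leak the struct itself. Assuming the def owns that allocation, as it does elsewhere in libvirt's domain_conf where virSecurityLabelDefFree releases the strings and the struct, the three VIR_FREE lines could be replaced by `virSecurityLabelDefFree(vm->def->seclabels[0]);` placed immediately before the VIR_DELETE_ELEMENT. Since the block runs after virSecurityManagerReleaseLabel, the label has already been handed back to the security driver, so removing the element afterwards looks safe; a one-line comment stating that the next start regenerates the label would make that intent explicit. virLXCProcessStart continues outside this hunk.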