qemuDomainSetLifecycleAction: Forbid live update of 'on_reboot'

Without the ability to tell qemu to change the behaviour on reboot of
the guest it's fundamentally unsafe to change the action as the guest
would be able to execute instructions after the reboot before libvirt
terminates it due to the async nature of QMP events.

Stricten the code for now until we implement support for 'set-action'
QMP command.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

src/qemu/qemu_driver.c

@@ -19669,10 +19669,11 @@ qemuDomainSetLifecycleAction(virDomainPtr dom,
         goto endjob;
 
     if (def) {
-        if (priv->allowReboot == VIR_TRISTATE_BOOL_NO) {
+        if (priv->allowReboot == VIR_TRISTATE_BOOL_NO ||
+            (type == VIR_DOMAIN_LIFECYCLE_REBOOT &&
+             def->onReboot != action)) {
             virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-                           _("cannot update lifecycle action because QEMU "
-                             "was started with -no-reboot option"));
+                           _("cannot update lifecycle action because QEMU was started with incompatible -no-reboot setting"));
             goto endjob;
         }