[libvirt] [PATCH] Ensure QEMU DAC security driver is activated at all times

Daniel Veillard veillard at redhat.com
Tue Feb 2 16:37:56 UTC 2010


On Tue, Feb 02, 2010 at 04:20:39PM +0000, Daniel P. Berrange wrote:
> If the primary security driver (SELinux/AppArmor) was disabled
> then the secondary QEMU DAC security driver was also disabled.
> This is a mistake, because the latter must be active at all times.
> 
> * src/qemu/qemu_driver.c: Ensure DAC driver is always active
> ---
>  src/qemu/qemu_driver.c |   22 ++++++++++++----------
>  1 files changed, 12 insertions(+), 10 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 16e9b56..a9313e7 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -897,26 +897,28 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
>      int ret;
>      virSecurityDriverPtr security_drv;
>  
> +    qemuSecurityStackedSetDriver(qemud_drv);
> +    qemuSecurityDACSetDriver(qemud_drv);
> +
>      ret = virSecurityDriverStartup(&security_drv,
>                                     qemud_drv->securityDriverName);
>      if (ret == -1) {
>          VIR_ERROR0(_("Failed to start security driver"));
>          return -1;
>      }
> -    /* No security driver wanted to be enabled: just return */
> +
> +    /* No primary security driver wanted to be enabled: just setup
> +     * the DAC driver on its own */
>      if (ret == -2) {
> +        qemud_drv->securityDriver = &qemuDACSecurityDriver;
>          VIR_INFO0(_("No security driver available"));
> -        return 0;
> +    } else {
> +        qemud_drv->securityPrimaryDriver = security_drv;
> +        qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
> +        qemud_drv->securityDriver = &qemuStackedSecurityDriver;
> +        VIR_INFO("Initialized security driver %s", security_drv->name);
>      }
>  
> -    qemuSecurityStackedSetDriver(qemud_drv);
> -    qemuSecurityDACSetDriver(qemud_drv);
> -
> -    qemud_drv->securityPrimaryDriver = security_drv;
> -    qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
> -    qemud_drv->securityDriver = &qemuStackedSecurityDriver;
> -
> -    VIR_INFO("Initialized security driver %s", security_drv->name);
>      return 0;
>  }
>  
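Review bot: On the `ret == -2` path the log line still reads `VIR_INFO0(_("No security driver available"))`, although that path now installs the DAC driver as `securityDriver`, so the message understates what is enforced and can mislead anyone auditing the daemon log. Something like `VIR_INFO0(_("No primary security driver available, using DAC driver only"));` would match the new behaviour. The same branch leaves `securityPrimaryDriver` and `securitySecondaryDriver` unassigned while `securityDriver` becomes non-NULL. Any caller outside this hunk that takes a non-NULL `securityDriver` to mean a primary driver exists, and then reads its name or label model, would need to test `securityPrimaryDriver` instead; this is worth confirming before merge. The start of qemudSecurityInit lies above the hunk.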

  Okay, understood, ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/



