[libvirt] [PATCH 3/3] security_dac: Don't return uninitialised value when parsing seclabels
Peter Krempa
pkrempa at redhat.com
Tue Aug 28 16:51:36 UTC 2012
When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.
With this patch, default values (from qemu driver configuration)
are used if the label is not found.
---
src/security/security_dac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4162e26..2527759 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
return -1;
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
- if (seclabel == NULL) {
+ if (seclabel == NULL || seclabel->label == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label for DAC not found in domain %s"),
def->name);
--
1.7.12
More information about the libvir-list
mailing list