[libvirt] [PATCHv2] qemu: Clean up security driver initialisation and config file
Daniel Veillard
veillard at redhat.com
Thu Aug 30 12:25:02 UTC 2012
On Thu, Aug 30, 2012 at 02:13:01PM +0200, Peter Krempa wrote:
> Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
> code (hasDAC can't be effectively set to true, because
> virSecurityManagerNew fails to load the "dac" driver).
>
> This patch also enhances the condition for adding the default
> auto-detected security manager if the manager array is allocated but
> empty.
>
> Also the configuration file for qemu driver still contains a reference to
> the DAC driver that can't be enabled manually.
> ---
> src/qemu/qemu.conf | 4 +++-
> src/qemu/qemu_driver.c | 9 +++------
> 2 files changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index fb22b7c..d3175fa 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -162,7 +162,9 @@
> # driver at the same time, for this use a list of names separated by
> # comma and delimited by square brackets. For example:
> #
> -# security_driver = [ "selinux", "dac" ]
> +# security_driver = [ "selinux", "apparmor" ]
> +#
> +# Note: The DAC security driver is always enabled.
> #
> #security_driver = "selinux"
>
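Review bot: the added note "The DAC security driver is always enabled" is broader than what qemuSecurityInit does in this same patch, where the DAC manager is created only under `if (driver->privileged)`. Suggest wording it as enabled whenever the driver runs privileged, and stating in the comment that "dac" must not be listed in security_driver, since the commit message says virSecurityManagerNew fails to load it.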
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 5d9f8c9..7c0a5c3 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -251,14 +251,11 @@ qemuSecurityInit(struct qemud_driver *driver)
> char **names;
> virSecurityManagerPtr mgr = NULL;
> virSecurityManagerPtr stack = NULL;
> - bool hasDAC = false;
>
> - if (driver->securityDriverNames) {
> + if (driver->securityDriverNames &&
> + driver->securityDriverNames[0]) {
> names = driver->securityDriverNames;
> while (names && *names) {
> - if (STREQ("dac", *names))
> - hasDAC = true;
> -
> if (!(mgr = virSecurityManagerNew(*names,
> QEMU_DRIVER_NAME,
> driver->allowDiskFormatProbing,
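Review bot: the new guard `driver->securityDriverNames && driver->securityDriverNames[0]` makes an allocated-but-empty list behave like an unset option, which per the commit message selects the auto-detected driver; that deserves a one-line comment above the `if`, because an administrator may write an empty list expecting no security driver to be loaded. With the guard in place, the `names &&` test in `while (names && *names)` is redundant and can be dropped.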
> @@ -287,7 +284,7 @@ qemuSecurityInit(struct qemud_driver *driver)
> mgr = NULL;
> }
>
> - if (!hasDAC && driver->privileged) {
> + if (driver->privileged) {
> if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
> driver->user,
> driver->group,
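Review bot: with hasDAC gone, `if (driver->privileged)` avoids stacking a second DAC manager only because virSecurityManagerNew refuses the name "dac" in the loop above, and nothing at this site says so. Add a short comment stating that invariant, or reject "dac" explicitly in the names loop with a clear error, so that a later change making "dac" loadable by name does not silently add the DAC manager twice.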
ACK :-)
thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/