[libvirt] [PATCH 2/2] security: Driver 'none' cannot create confined guests
eblake at redhat.com
Tue Feb 7 20:39:17 UTC 2012
On 02/07/2012 01:10 PM, Jiri Denemark wrote:
> In case the caller specifies that confined guests are required but the
> security driver turns out to be 'none', we should return an error since
> this driver clearly cannot meet that requirement. As a result of this
> error, libvirtd fails to start when the host admin explicitly sets
> confined guests are required but there is no security driver available.
> Since security driver 'none' cannot create confined guests, we override
> default confined setting so that hypervisor drivers do not think they
> should create confined guests.
> src/security/security_manager.c | 20 ++++++++++++++++++++
> tests/seclabeltest.c | 2 +-
> 2 files changed, 21 insertions(+), 1 deletions(-)
ACK that this fixes the issue, but I'm wondering whether we should move
the logic that rejects requireConfig out of security_manager.c and into
security_nop.c:virSecurityDriverOpenNop(). That is, the special casing
is a property of the 'none' security manager. Is it worth a v2 patch
that moves the error messages in that manner?
> +++ b/tests/seclabeltest.c
> @@ -13,7 +13,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
> virSecurityManagerPtr mgr;
> const char *doi, *model;
> - mgr = virSecurityManagerNew(NULL, false, true, true);
> + mgr = virSecurityManagerNew(NULL, false, true, false);
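Review bot: at the changed virSecurityManagerNew(NULL, false, true, false) call, switching the last argument to false leaves the test exercising only the path that still succeeds, so nothing visible here checks that the previous arguments are now rejected. Consider keeping a second call with the last argument true and asserting that it reports an error, assuming that argument is the "confined guests are required" setting the commit message describes. A one-line comment naming each positional bool at the call site would also make the intent of the change readable without opening the implementation.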
And here's a classic example that proves Laine's point that any
interface with more than one bool parameter is hard to read (you have to
check the implementation), compared to consolidating those into a flags
argument. But no need to change the signature for this particular patch.
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org