[libvirt] [PATCH 1/3] Ensure LXC security driver is set unconditonally

Stefan Berger stefanb at linux.vnet.ibm.com
Tue May 1 14:36:03 UTC 2012


On 05/01/2012 06:10 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> The driver->securityDriverName field may be NULL, if automatic
> probing is used to determine security driver. This meant that
> unless selinux was explicitly requested in lxc.conf, it was
> not being sent to the libvirt_lxc process.
>
> The driver->securityManager field is guaranteed non-NULL, since
> there will always be the 'none' security driver present if
> nothing else exists. So use that to set the driver name for
> libvirt_lxc
>
> Signed-off-by: Daniel P. Berrange<berrange at redhat.com>
> ---
>   src/lxc/lxc_driver.c |    4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> index ffdd4ac..03783ff 100644
> --- a/src/lxc/lxc_driver.c
> +++ b/src/lxc/lxc_driver.c
> @@ -1616,8 +1616,8 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
>           virCommandPreserveFD(cmd, ttyFDs[i]);
>       }
>
> -    if (driver->securityDriverName)
> -        virCommandAddArgPair(cmd, "--security", driver->securityDriverName);
> +    virCommandAddArgPair(cmd, "--security",
> +                         virSecurityManagerGetModel(driver->securityManager));
>
>       virCommandAddArg(cmd, "--handshake");
>       virCommandAddArgFormat(cmd, "%d", handshakefd);

ACK




More information about the libvir-list mailing list