[libvirt] [PATCH v2 0/4] Couple of seclabels improvements
John Ferlan
jferlan at redhat.com
Fri Jul 11 11:01:26 UTC 2014
On 07/10/2014 10:04 AM, Michal Privoznik wrote:
> diff to v1:
> - rework the 3rd patch
> - introduce one more bugfix
>
> Michal Privoznik (4):
> virSecurityLabelDef: substitute 'norelabel' with 'relabel'
> virSecurityDeviceLabelDef: substitute 'norelabel' with 'relabel'
> conf: Always format seclabel's model
> conf: Don't allow multiple seclabels for same model
>
> src/conf/domain_conf.c | 67 ++++++++++++----------
> src/security/security_apparmor.c | 10 ++--
> src/security/security_dac.c | 22 +++----
> src/security/security_manager.c | 2 +-
> src/security/security_selinux.c | 32 +++++------
> src/util/virseclabel.c | 2 +-
> src/util/virseclabel.h | 4 +-
> .../qemuxml2argv-seclabel-dynamic-none.xml | 28 +++++++++
> .../qemuxml2argv-seclabel-multiple.xml | 40 +++++++++++++
> tests/qemuxml2argvtest.c | 1 +
> tests/qemuxml2xmltest.c | 1 +
> 11 files changed, 142 insertions(+), 67 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-multiple.xml
>
There's a Coverity issue from these patches - it looks like perhaps
patch 1&2 were combined when submitted into commit id '13adf1b' which has:
virSecurityLabelDefPtr
virSecurityLabelDefNew(const char *model)
{
virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityLabelDefFree(seclabel);
seclabel = NULL;
}
+ seclabel->relabel = true;
+
return seclabel;
}
See the problem at all? It's a FORWARD_NULL on 'seclabel'.
John
More information about the libvir-list
mailing list