[libvirt] [PATCH v2 1/4] security: Refactor virSecurityManagerGenLabel

Ján Tomko jtomko at redhat.com
Wed Feb 11 08:35:53 UTC 2015


On Tue, Feb 10, 2015 at 05:17:33PM +0100, Erik Skultety wrote:
> Before we generate a security label (security driver with dynamic
> labeling) for a domain, we first check for domain's security model
> validity. We should also check devices' security model as well,
> therefore it might be better to move this chunk of code in a separate function
> which would check both the domain's security model and devices' security model.

The addition of this chunk should be a part of this commit. This way it
seems it just disappeared.

> This function would of course be called right before we try to generate
> a security label in qemuProcessStart/qemuProcessAttach
> ---
>  src/security/security_manager.c | 20 +-------------------
>  1 file changed, 1 insertion(+), 19 deletions(-)
> 
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 302f54d..000bc82 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
>                             virDomainDefPtr vm)
>  {
>      int ret = -1;
> -    size_t i, j;
> +    size_t i;
>      virSecurityManagerPtr* sec_managers = NULL;
>      virSecurityLabelDefPtr seclabel;
>      bool generated = false;
>  
> -    if (mgr == NULL || mgr->drv == NULL)
> -        return ret;
> -
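
Review bot: The `mgr == NULL || mgr->drv == NULL` guard removed at the top of virSecurityManagerGenLabel is not a security model validity check, so the commit message, which only describes moving that validity check into a separate function, does not justify dropping it. The diffstat also shows a single insertion in this one file, so nothing in this patch replaces the guard. Either keep it here, ideally reporting an error instead of silently returning -1, or remove it in a separate patch that explains why neither pointer can be NULL at this call.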

Can either of these conditions be true here? If so, we should leave
the check here (possibly add an error message), because GetNested
will dereference them.

If not, they should be cleaned up in a separate patch.

Jan