[libvirt] [PATCH] apparmor: avoid copying empty profile name
Michal Privoznik
mprivozn at redhat.com
Fri Sep 13 14:18:19 UTC 2019
On 9/9/19 6:26 PM, Jim Fehlig wrote:
> AppArmorGetSecurityProcessLabel copies the VM's profile name to the
> label member of virSecurityLabel struct. If the profile is not loaded,
> the name is set empty before calling virStrcpy to copy it. However,
> virStrcpy will fail if src is empty (0 length), causing
> AppArmorGetSecurityProcessLabel to needlessly fail. Simple operations
> that report security driver information will subsequently fail
>
> virsh dominfo test
> Id: 248
> Name: test
> ...
> Security model: apparmor
> Security DOI: 0
> error: internal error: error copying profile name
>
> Avoid copying an empty profile name when the profile is not loaded.
>
> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> ---
> src/security/security_apparmor.c | 15 +++++++--------
> 1 file changed, 7 insertions(+), 8 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
More information about the libvir-list
mailing list