[PATCH 2/2] security: Avoid calling virSecurityManagerCheckModel with NULL model
Jim Fehlig
jfehlig at suse.com
Thu Dec 3 02:57:15 UTC 2020
Attempting to create a domain with <seclabel type='none'/> results in
virsh --connect lxc:/// create distro_nosec.xml
error: Failed to create domain from distro_nosec.xml
error: unsupported configuration: Security driver model '(null)' is not available
With <seclabel type='none'/>, the model field of virSecurityLabelDef will
be NULL, causing virSecurityManagerCheckModel() to fail with the above
error. Avoid calling virSecurityManagerCheckModel() when they seclabel
type is VIR_DOMAIN_SECLABEL_NONE.
Signed-off-by: Jim Fehlig <jfehlig at suse.com>
---
This could also be fixed by checking for a NULL secmodel in
virSecurityManagerCheckModel, but it seems more appropriate to check for
a valid seclabel type before checking the model.
src/security/security_manager.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index be81ee5e44..789e24d273 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -781,6 +781,9 @@ virSecurityManagerCheckDomainLabel(virSecurityManagerPtr mgr,
size_t i;
for (i = 0; i < def->nseclabels; i++) {
+ if (def->seclabels[i]->type == VIR_DOMAIN_SECLABEL_NONE)
+ continue;
+
if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < 0)
return -1;
}
--
2.29.2
More information about the libvir-list
mailing list