[PATCH] lxc: Set default security model in XML parser config

Michal Privoznik mprivozn at redhat.com
Fri Dec 4 08:45:54 UTC 2020


On 12/4/20 12:25 AM, Jim Fehlig wrote:
> Attempting to create a lxc domain with <seclabel type='none'/> fails
> 
> virsh --connect lxc:/// create distro_nosec.xml
> error: Failed to create domain from distro_nosec.xml
> error: unsupported configuration: Security driver model '(null)' is not available
> 
> The lxc driver does not set a default security driver model in the XML
> parser config, causing seclabels of type='none' to have a null model.
> The lxc driver's security manager is initialized in lxcStateInitialize()
> by calling lxcSecurityInit(). Use the model of this manager as the
> default in the XML parser config.
> 
> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> ---
> 
> Kind'a, sort'a a V2 of
> 
> https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html
> 
> It's quite a different approach to solving the problem than that patch.
> 
>   src/lxc/lxc_conf.c       | 3 ++-
>   src/lxc/lxc_conf.h       | 3 ++-
>   src/lxc/lxc_controller.c | 2 +-
>   src/lxc/lxc_driver.c     | 5 ++++-
>   tests/testutilslxc.c     | 2 +-
>   5 files changed, 10 insertions(+), 5 deletions(-)
> 
>   }

> diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> index d0503ef2ea..9d94c703ea 100644
> --- a/src/lxc/lxc_driver.c
> +++ b/src/lxc/lxc_driver.c
> @@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged,
>   {
>       virLXCDriverConfigPtr cfg = NULL;
>       bool autostart = true;
> +    const char *defsecmodel;
>   
>       if (root != NULL) {
>           virReportError(VIR_ERR_INVALID_ARG, "%s",
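
Review bot: defsecmodel is declared without an initializer at the top of lxcStateInitialize(), while cfg directly above it is set to NULL. Initializing it (const char *defsecmodel = NULL;) would keep the declarations consistent and keep the pointer from holding an indeterminate value if a later change reads it after one of the early goto cleanup exits.
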
> @@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged,
>       if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault()))
>           goto cleanup;
>   
> -    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver)))
> +    defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager);
> +

Some trailing spaces.

> +    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel)))
>           goto cleanup;
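
Review bot: The return value of virSecurityManagerGetModel() is handed to lxcDomainXMLConfInit() unchecked, and the failure this patch fixes is a '(null)' model. The call depends on lxc_driver->securityManager already being set up at this point in lxcStateInitialize(); the hunk context does not show lxcSecurityInit() preceding it, so it is worth confirming the ordering, or taking goto cleanup with an error if defsecmodel comes back NULL. A short comment saying that the parser default follows the active security manager would also help future readers.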

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

Michal



