On Tue, Feb 10, 2015 at 05:17:33PM +0100, Erik Skultety wrote:
> Before we generate a security label (security driver with dynamic
> labeling) for a domain, we first check for domain's security model
> validity. We should also check devices' security model as well,
> therefore it might be better to move this chunk of code in a separate function
> which would check both the domain's security model and devices' security model.
The addition of this chunk should be a part of this commit. This way it
seems it just disappeared.
> This function would of course be called right before we try to generate
> a security label in qemuProcessStart/qemuProcessAttach
> ---
> src/security/security_manager.c | 20 +-------------------
> 1 file changed, 1 insertion(+), 19 deletions(-)
>
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 302f54d..000bc82 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
> virDomainDefPtr vm)
> {
> int ret = -1;
> - size_t i, j;
> + size_t i;
> virSecurityManagerPtr* sec_managers = NULL;
> virSecurityLabelDefPtr seclabel;
> bool generated = false;
>
> - if (mgr == NULL || mgr->drv == NULL)
> - return ret;
> -
Can either of these conditions be true here? If so, we should leave
the check here (possibly add an error message), because GetNested
will dereference them.
If not, they should be cleaned up in a separate patch.
Jan
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list