Since commit 714080791778e3dfbd484ccb3953bffd820b8ba9 we are generating socket path later than before -- when starting a domain. That makes one particular inconsistent state of a chardev, which was not possible before, currently valid. However, SELinux security driver forgot to guard the main restoring function by a check for NULL-paths. So make it no-op for NULL paths, as in the DAC driver. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300532 Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx> --- src/security/security_selinux.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 9e986350fbb1..6a32f0a27f12 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1024,6 +1024,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, char *newpath = NULL; char ebuf[1024]; + /* Some paths are auto-generated, so let's be safe here and do + * nothing if nothing is needed. + */ + if (!path) + return 0; + VIR_INFO("Restoring SELinux context on '%s'", path); if (virFileResolveLink(path, &newpath) < 0) { -- 2.7.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list