Re: [PATCH] Don't error when attaching security label of model "none"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 13, 2016 at 11:18:28AM +0100, Daniel P. Berrange wrote:

If you invoke virDomainLxcEnterSecurityLabel() on security
model of "none" it will report an error. Logically a "none"
security model should be treated as a no-op, so we should
just return success immediately, instead of an error.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
src/libvirt-lxc.c | 2 ++
1 file changed, 2 insertions(+)



ACK for this, just one question though.  Shouldn't there be support for
DAC as well or is that done by default somewhere else?


diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index 16e08e9..c487ece 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
                       _("Support for AppArmor is not enabled"));
        goto error;
#endif
+    } else if (STREQ(model->model, "none")) {
+        /* nothing todo */
    } else {
        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
                       _("Security model %s cannot be entered"),
--
2.7.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]