On Wed, Jan 20, 2010 at 03:15:00PM +0000, Daniel P. Berrange wrote: > If a VM fails to start, we can't simply free the security label > strings, we must call the domainReleaseSecurityLabel() method > otherwise the reserved 'mcs' level will be leaked in SElinux > > * src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel() > when domain fails to start > --- > src/qemu/qemu_driver.c | 8 +++----- > 1 files changed, 3 insertions(+), 5 deletions(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index b67abf1..6c66b22 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -2978,11 +2978,9 @@ cleanup: > /* We jump here if we failed to start the VM for any reason > * XXX investigate if we can kill this block and safely call > * qemudShutdownVMDaemon even though no PID is running */ > - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { > - VIR_FREE(vm->def->seclabel.model); > - VIR_FREE(vm->def->seclabel.label); > - VIR_FREE(vm->def->seclabel.imagelabel); > - } > + if (driver->securityDriver && > + driver->securityDriver->domainReleaseSecurityLabel) > + driver->securityDriver->domainReleaseSecurityLabel(conn, vm); > qemuRemoveCgroup(conn, driver, vm, 0); > if ((vm->def->ngraphics == 1) && > vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
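
Review bot: The new call under cleanup: drops the `vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC` guard that the removed block had, so domainReleaseSecurityLabel() now runs on every failed start, including for domains whose label is not dynamic. Either keep the type check around the call, or say in the commit message that the driver callback performs that check itself and still frees model, label and imagelabel, since nothing in this hunk frees those strings any more. The comment above the call says this path is taken when the start fails "for any reason", so the callback also has to cope with a domain whose label was never generated; a one-line comment above the call stating that expectation would make the contract visible to the next reader. The return value of the callback is ignored here, and a failed release is exactly the leaked 'mcs' level the commit message is about, so consider at least logging it.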