[PATCH] lxc: Set default security model in XML parser config


 



Attempting to create a lxc domain with <seclabel type='none'/> fails

virsh --connect lxc:/// create distro_nosec.xml
error: Failed to create domain from distro_nosec.xml
error: unsupported configuration: Security driver model '(null)' is not available

The lxc driver does not set a default security driver model in the XML
parser config, causing seclabels of type='none' to have a null model.
The lxc driver's security manager is initialized in lxcStateInitialize()
by calling lxcSecurityInit(). Use the model of this manager as the
default in the XML parser config.

Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---

Kind'a, sort'a a V2 of

https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html

It's quite a different approach to solving the problem than that patch.

 src/lxc/lxc_conf.c       | 3 ++-
 src/lxc/lxc_conf.h       | 3 ++-
 src/lxc/lxc_controller.c | 2 +-
 src/lxc/lxc_driver.c     | 5 ++++-
 tests/testutilslxc.c     | 2 +-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
index 13da6c4586..e6ad91205e 100644
--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -209,9 +209,10 @@ virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
 
 
 virDomainXMLOptionPtr
-lxcDomainXMLConfInit(virLXCDriverPtr driver)
+lxcDomainXMLConfInit(virLXCDriverPtr driver, const char *defsecmodel)
 {
     virLXCDriverDomainDefParserConfig.priv = driver;
+    virLXCDriverDomainDefParserConfig.defSecModel = defsecmodel;
     return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig,
                                  &virLXCDriverPrivateDataCallbacks,
                                  &virLXCDriverDomainXMLNamespace,
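Review bot: `defsecmodel` is stored by pointer in the file-scope `virLXCDriverDomainDefParserConfig` and nothing in this hunk copies it, so the string has to outlive the returned xmlopt unless virDomainXMLOptionNew() duplicates it, which is not visible here. A comment above the function would make that contract explicit, for example `/* @defsecmodel: default model for seclabels that name none; may be NULL; borrowed, not copied here */`. Because the config struct is shared, each call also rewrites the default for the struct itself, which only matters if something reads it after a later call with a different model. The function body continues past the end of the hunk.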
diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
index f2f0e0a570..664bafc7b9 100644
--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -112,7 +112,8 @@ int virLXCLoadDriverConfig(virLXCDriverConfigPtr cfg,
 virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver);
 virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
                                        bool refresh);
-virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver);
+virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver,
+                                           const char *defsecmodel);
 
 static inline void lxcDriverLock(virLXCDriverPtr driver)
 {
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 97de0408b6..67e5e63d00 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -169,7 +169,7 @@ virLXCControllerDriverNew(void)
     }
 
     driver->caps = virLXCDriverCapsInit(NULL);
-    driver->xmlopt = lxcDomainXMLConfInit(driver);
+    driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
 
     return driver;
 }
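Review bot: Passing `NULL` on the changed line leaves the controller's parser config without a default security model, so a `<seclabel type='none'/>` parsed in the controller process would still carry a null model. If the controller later hands that definition to its own security manager, the '(null)' model failure from the commit message could plausibly reappear there; that path is outside the hunk and needs confirming. If NULL is intentional, a short comment with the reason would help, e.g. `/* NULL: the controller's parser needs no default security model because ... */`. The return value is also assigned unchecked here, whereas lxcStateInitialize() bails out when lxcDomainXMLConfInit() returns NULL.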
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index d0503ef2ea..9d94c703ea 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged,
 {
     virLXCDriverConfigPtr cfg = NULL;
     bool autostart = true;
+    const char *defsecmodel;
 
     if (root != NULL) {
         virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged,
     if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault()))
         goto cleanup;
 
-    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver)))
+    defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager);
+    
+    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel)))
         goto cleanup;
 
     if (!(lxc_driver->closeCallbacks = virCloseCallbacksNew()))
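Review bot: The added line between the `virSecurityManagerGetModel()` call and the `if` contains only spaces, which a trailing-whitespace check would likely reject; it should be a truly empty line. `defsecmodel` is a pointer obtained from `lxc_driver->securityManager` and then kept in the xmlopt, so the cleanup path (outside the hunk) should release xmlopt before the security manager unless the model string is static. The call also assumes `securityManager` is already set at this point; the commit message says lxcSecurityInit() runs in this function, but its position relative to this line is not visible in the hunk.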
diff --git a/tests/testutilslxc.c b/tests/testutilslxc.c
index b5e2f542e7..e15ea2bd32 100644
--- a/tests/testutilslxc.c
+++ b/tests/testutilslxc.c
@@ -71,7 +71,7 @@ testLXCDriverInit(void)
     }
 
     driver->caps = testLXCCapsInit();
-    driver->xmlopt = lxcDomainXMLConfInit(driver);
+    driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
 
     return driver;
 }
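Review bot: The test driver passes `NULL`, so nothing in this patch exercises the default-model path that the fix depends on. Passing a fixed model name instead, for example `lxcDomainXMLConfInit(driver, "none")` if that suits the existing test expectations, together with a `<seclabel type='none'/>` test case would pin the behaviour described in the commit message. testLXCDriverInit() starts above the hunk.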
-- 
2.29.2




