On Thu, Dec 03, 2020 at 04:25:42PM -0700, Jim Fehlig wrote: > Attempting to create a lxc domain with <seclabel type='none'/> fails > > virsh --connect lxc:/// create distro_nosec.xml > error: Failed to create domain from distro_nosec.xml > error: unsupported configuration: Security driver model '(null)' is not available Is this a regression, or has it always been broken like this ? > > The lxc driver does not set a default security driver model in the XML > parser config, causing seclabels of type='none' to have a null model. > The lxc driver's security manager is initialized in lxcStateInitialize() > by calling lxcSecurityInit(). Use the model of this manager as the > default in the XML parser config. > > Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx> > --- > > Kind'a, sort'a a V2 of > > https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html > > It's quite a different approach to solving the problem than that patch. > > src/lxc/lxc_conf.c | 3 ++- > src/lxc/lxc_conf.h | 3 ++- > src/lxc/lxc_controller.c | 2 +- > src/lxc/lxc_driver.c | 5 ++++- > tests/testutilslxc.c | 2 +- > 5 files changed, 10 insertions(+), 5 deletions(-) >
> diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
> index 13da6c4586..e6ad91205e 100644
> --- a/src/lxc/lxc_conf.c
> +++ b/src/lxc/lxc_conf.c
> @@ -209,9 +209,10 @@ virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
>
>
> virDomainXMLOptionPtr
> -lxcDomainXMLConfInit(virLXCDriverPtr driver)
> +lxcDomainXMLConfInit(virLXCDriverPtr driver, const char *defsecmodel)
> {
> virLXCDriverDomainDefParserConfig.priv = driver;
> + virLXCDriverDomainDefParserConfig.defSecModel = defsecmodel;
> return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig,
> &virLXCDriverPrivateDataCallbacks,
> &virLXCDriverDomainXMLNamespace,
> diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
> index f2f0e0a570..664bafc7b9 100644
> --- a/src/lxc/lxc_conf.h
> +++ b/src/lxc/lxc_conf.h
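Review bot: `defsecmodel` is stored as a borrowed pointer in `virLXCDriverDomainDefParserConfig.defSecModel`, and nothing in the lxc_conf.c hunk says who owns the string or how long it must stay valid. The driver caller passes the result of `virSecurityManagerGetModel()`, so the string presumably has to live at least as long as the returned xmlopt; I would add a comment above the function such as `/* @defsecmodel: default model for seclabels that carry none, or NULL; borrowed, must outlive the returned xmlopt */`. The assignment also rewrites what appears to be a shared config object on every call, as the existing `.priv` line does; whether an xmlopt created earlier is affected by a later call with NULL depends on whether virDomainXMLOptionNew() copies the config, which is not visible here. The function body ends outside the hunk.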
> @@ -112,7 +112,8 @@ int virLXCLoadDriverConfig(virLXCDriverConfigPtr cfg,
> virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver);
> virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
> bool refresh);
> -virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver);
> +virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver,
> + const char *defsecmodel);
>
> static inline void lxcDriverLock(virLXCDriverPtr driver)
> {
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 97de0408b6..67e5e63d00 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -169,7 +169,7 @@ virLXCControllerDriverNew(void)
> }
>
> driver->caps = virLXCDriverCapsInit(NULL);
> - driver->xmlopt = lxcDomainXMLConfInit(driver);
> + driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
>
> return driver;
> }
> diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> index d0503ef2ea..9d94c703ea 100644
> --- a/src/lxc/lxc_driver.c
> +++ b/src/lxc/lxc_driver.c
> @@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged,
> {
> virLXCDriverConfigPtr cfg = NULL;
> bool autostart = true;
> + const char *defsecmodel;
>
> if (root != NULL) {
> virReportError(VIR_ERR_INVALID_ARG, "%s",
> @@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged,
> if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault()))
> goto cleanup;
>
> - if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver)))
> + defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager);
> +
> + if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel)))
> goto cleanup;
>
> if (!(lxc_driver->closeCallbacks = virCloseCallbacksNew()))
> diff --git a/tests/testutilslxc.c b/tests/testutilslxc.c
> index b5e2f542e7..e15ea2bd32 100644
> --- a/tests/testutilslxc.c
> +++ b/tests/testutilslxc.c
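Review bot: In `virLXCControllerDriverNew()` the controller passes `NULL` as the default model, so a definition parsed inside the controller process still ends up with a null model for `<seclabel type='none'/>` while the driver now fills one in. If any controller-side code validates or looks up the seclabel model, it may see a different value than the driver did for the same domain; that path is not visible in this hunk and should be checked. If passing NULL is intentional, a one-line comment at the call stating why the controller needs no default would keep the two call sites from looking like an oversight.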
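Review bot: The new `virSecurityManagerGetModel(lxc_driver->securityManager)` call in the second lxc_driver.c hunk relies on the security manager already being set up, but the code that creates it lies outside both hunks of this file. The commit message says lxcSecurityInit() is called from lxcStateInitialize(); please confirm it runs before this line, because the hunk itself does not guard against a NULL manager or a NULL model. Since this value decides which security model a label-less domain is bound to, I would document it at the assignment, e.g. `/* seclabels without a model (e.g. type='none') default to the active security manager's model */`. The function body starts and ends outside the hunk.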
> @@ -71,7 +71,7 @@ testLXCDriverInit(void)
> }
>
> driver->caps = testLXCCapsInit();
> - driver->xmlopt = lxcDomainXMLConfInit(driver);
> + driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
>
> return driver;
> }
> -- > 2.29.2 > > Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
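Review bot: `testLXCDriverInit()` passes `NULL`, so the test driver never goes through the new default-model path, and the `<seclabel type='none'/>` failure from the commit message has no regression test; the diffstat shows no test data added either. A test that parses such a seclabel with a non-NULL default would pin the fix, for instance by initialising the test driver with `driver->xmlopt = lxcDomainXMLConfInit(driver, "none");`, though existing expected XML output may then need updating. At minimum a comment here should note that tests deliberately run without a default security model.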