Even though we are getting driver capabilities with refresh=false (so that it is not expensive), we still should do ACL check first because there is no point in bothering with the capabilities if caller doesn't have permissions to call the API. Also, this way the comment makes more sense. Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- src/qemu/qemu_driver.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a9e8f660c7..96ec84bd1c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5934,14 +5934,12 @@ static int qemuNodeGetSecurityModel(virConnectPtr conn, memset(secmodel, 0, sizeof(*secmodel)); - if (!(caps = virQEMUDriverGetCapabilities(driver, false))) - return 0; - if (virNodeGetSecurityModelEnsureACL(conn) < 0) return 0; /* We treat no driver as success, but simply return no data in *secmodel */ - if (caps->host.nsecModels == 0 || + if (!(caps = virQEMUDriverGetCapabilities(driver, false)) || + caps->host.nsecModels == 0 || caps->host.secModels[0].model == NULL) return 0; -- 2.26.2