On 3/11/25 12:59, Peter Krempa wrote: > If 'vm->def->sec->sectype' would be invalid; which is currently not > possible; we'd not unlock the domain object. Fix the logic even when the > bug currently can't happen. > > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > --- > src/qemu/qemu_driver.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index a5122d0cd6..45bb3c09aa 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -19056,7 +19056,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, > case VIR_DOMAIN_LAUNCH_SECURITY_NONE: > case VIR_DOMAIN_LAUNCH_SECURITY_LAST: > virReportEnumRangeError(virDomainLaunchSecurity, vm->def->sec->sectype); > - return -1; > + goto cleanup; Ooops, looking at the commit that introduced this (no need to run git blame O;-)), there's another problem like this in virSecurityDACRestoreAllLabel(). But that function has some other issues too, so I'll post a patch shortly. Michal
