ä 2011å01æ13æ 13:30, Laine Stump åé:
When attempting to edit a domain, libvirtd segfaulted in SELinuxSecurityVerify() on this line: if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { because secdef->model was NULL.
There is STREQ_NULLABLE defined in internal.h, but seems it's never used. Although I'm too tired to investigate
in depth, I noticed that all the other functions in that file that do the same STREQ() will first check that def->seclabel.label is non-NULL, but this function doesn't. I also noticed that label *is* NULL in my case, so I tried adding that check to SELinuxSecurityVerify(), and the crash goes away. I have no idea if this is the correct fix, but it allowed me to continue my testing of a new (unrelated) feature. --- src/security/security_selinux.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index d06afde..b97ca4c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -871,6 +871,10 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr def) { const virSecurityLabelDefPtr secdef =&def->seclabel; + + if (def->seclabel.label == NULL) + return 0; + if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: "
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list