If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify
---
src/security/security_manager.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 66cffb5..1bc0ebb 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
+ /* NULL model == dynamic labelling, with whatever drive
+ * is active, so we can short circuit verify check to
+ * avoid drivers dereferencing NULLs by accident
+ */
+ if (!secdef->model)
+ return 0;
+
if (mgr->drv->domainSecurityVerify)
return mgr->drv->domainSecurityVerify(mgr, def);
--
1.7.3.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list