On Tue, Feb 07, 2012 at 13:39:17 -0700, Eric Blake wrote: > On 02/07/2012 01:10 PM, Jiri Denemark wrote: > > In case the caller specifies that confined guests are required but the > > security driver turns out to be 'none', we should return an error since > > this driver clearly cannot meet that requirement. As a result of this > > error, libvirtd fails to start when the host admin explicitly sets > > confined guests are required but there is no security driver available. > > > > Since security driver 'none' cannot create confined guests, we override > > default confined setting so that hypervisor drivers do not thing they > > s/thing/think/ Oops, I mistakenly pushed this without fixing the typo. > > should create confined guests. > > --- > > src/security/security_manager.c | 20 ++++++++++++++++++++ > > tests/seclabeltest.c | 2 +- > > 2 files changed, 21 insertions(+), 1 deletions(-) > > ACK that this fixes the issue, but I'm wondering whether we should move > the logic that rejects requireConfig out of security_manager.c and into > security_nop.c:virSecurityDriverOpenNop(). That is, the special casing > is a property of the 'none' security manager. Is it worth a v2 patch > that moves the error messages in that manner? I went ahead and pushed this version (see my other email for reasons). We can refactor the whole thing later if we feel like it's a good idea. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list