When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.
With this patch, default values (from qemu driver configuration)
are used if the label is not found.
---
src/security/security_dac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4162e26..2527759 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
return -1;
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
- if (seclabel == NULL) {
+ if (seclabel == NULL || seclabel->label == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label for DAC not found in domain %s"),
def->name);
--
1.7.12
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list