Re: [PATCHv2] qemu: Clean up security driver initialisation and config file

Daniel Veillard <veillard@xxxxxxxxxx> · Thu, 30 Aug 2012 20:25:02 +0800



On Thu, Aug 30, 2012 at 02:13:01PM +0200, Peter Krempa wrote:
> Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
> code (hasDAC can't be efectively set to true, because
> virSecurityManagerNew fails to load the "dac" driver).
> 
> This patch also enhances the condition for adding the default
> auto-detected security manager if the manager array is allocated but
> empty.
> 
> Also the configuration file for qemu driver still contains reference to
> the DAC driver that can't be enabled manualy.
> ---
>  src/qemu/qemu.conf     | 4 +++-
>  src/qemu/qemu_driver.c | 9 +++------
>  2 files changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index fb22b7c..d3175fa 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -162,7 +162,9 @@
>  # driver at the same time, for this use a list of names separated by
>  # comma and delimited by square brackets. For example:
>  #
> -#       security_driver = [ "selinux", "dac" ]
> +#       security_driver = [ "selinux", "apparmor" ]
> +#
> +# Note: The DAC security driver is always enabled.
>  #
>  #security_driver = "selinux"
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 5d9f8c9..7c0a5c3 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -251,14 +251,11 @@ qemuSecurityInit(struct qemud_driver *driver)
>      char **names;
>      virSecurityManagerPtr mgr = NULL;
>      virSecurityManagerPtr stack = NULL;
> -    bool hasDAC = false;
> 
> -    if (driver->securityDriverNames) {
> +    if (driver->securityDriverNames &&
> +        driver->securityDriverNames[0]) {
>          names = driver->securityDriverNames;
>          while (names && *names) {
> -            if (STREQ("dac", *names))
> -                hasDAC = true;
> -
>              if (!(mgr = virSecurityManagerNew(*names,
>                                                QEMU_DRIVER_NAME,
>                                                driver->allowDiskFormatProbing,
> @@ -287,7 +284,7 @@ qemuSecurityInit(struct qemud_driver *driver)
>          mgr = NULL;
>      }
> 
> -    if (!hasDAC && driver->privileged) {
> +    if (driver->privileged) {
>          if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
>                                               driver->user,
>                                               driver->group,

  ACK :-)

  thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list