From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
If an LXC domain failed to start because of a bogus SELinux
label, virLXCProcessStart would call VIR_CLOSE(0) by mistake.
This is because the code which initializes the member of the
ttyFDs array to -1 got moved too far away from the place where
the array is first allocated.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
src/lxc/lxc_process.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index cad6402..942d375 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -1077,6 +1077,8 @@ int virLXCProcessStart(virConnectPtr conn,
virReportOOMError();
goto cleanup;
}
+ for (i = 0 ; i < vm->def->nconsoles ; i++)
+ ttyFDs[i] = -1;
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
@@ -1096,9 +1098,6 @@ int virLXCProcessStart(virConnectPtr conn,
vm->def, NULL) < 0)
goto cleanup;
- for (i = 0 ; i < vm->def->nconsoles ; i++)
- ttyFDs[i] = -1;
-
for (i = 0 ; i < vm->def->nconsoles ; i++) {
char *ttyPath;
if (vm->def->consoles[i]->source.type != VIR_DOMAIN_CHR_TYPE_PTY) {
--
1.8.1.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list