Currently, if the primary security driver is 'none', we skip
initializing caps->host.secModels. This means, later, when LXC domain
XML is parsed and <seclabel type='none'/> is found (see
virSecurityLabelDefsParseXML), the model name is not copied to the
seclabel. This leads to subsequent crash in virSecurityManagerGenLabel
where we call STREQ() over the model (note, that we are expecting model
to be !NULL).
---
src/lxc/lxc_conf.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
index 4e859c5..78b1559 100644
--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -114,16 +114,14 @@ virCapsPtr lxcCapsInit(virLXCDriverPtr driver)
doi = virSecurityManagerGetDOI(driver->securityManager);
model = virSecurityManagerGetModel(driver->securityManager);
- if (STRNEQ(model, "none")) {
- /* Allocate just the primary security driver for LXC. */
- if (VIR_ALLOC(caps->host.secModels) < 0)
- goto error;
- caps->host.nsecModels = 1;
- if (VIR_STRDUP(caps->host.secModels[0].model, model) < 0)
- goto error;
- if (VIR_STRDUP(caps->host.secModels[0].doi, doi) < 0)
- goto error;
- }
+ /* Allocate the primary security driver for LXC. */
+ if (VIR_ALLOC(caps->host.secModels) < 0)
+ goto error;
+ caps->host.nsecModels = 1;
+ if (VIR_STRDUP(caps->host.secModels[0].model, model) < 0)
+ goto error;
+ if (VIR_STRDUP(caps->host.secModels[0].doi, doi) < 0)
+ goto error;
VIR_DEBUG("Initialized caps for security driver \"%s\" with "
"DOI \"%s\"", model, doi);
--
1.8.1.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list