While generating seclabels, we check the seclabel stack if required driver is in the stack. If not, an error is returned. However, it is possible for a seclabel to not have any model set (happens with LXC domains that have just <seclabel type='none'>). If that's the case, we should just skip the iteration instead of calling STREQ(NULL, ...) and SIGSEGV-ing subsequently. --- src/security/security_manager.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 6946637..411a909 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -436,6 +436,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virObjectLock(mgr); for (i = 0; i < vm->nseclabels; i++) { + if (!vm->seclabels[i]->model) + continue; + for (j = 0; sec_managers[j]; j++) if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name)) break; -- 1.8.1.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
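Review bot: the added `if (!vm->seclabels[i]->model) continue;` at the top of the outer loop in virSecurityManagerGenLabel() skips every seclabel whose model is NULL, not only the `<seclabel type='none'>` case the commit message describes, so any such entry also bypasses the driver-in-stack check that the message says returns an error. Consider narrowing the condition by also testing the label's type, or at minimum add a one-line comment above the check stating that a NULL model is expected for type='none' labels (seen with LXC domains) and is skipped on purpose. As written, the check reads as a crash workaround, and a later reader cannot tell whether a NULL model on a label of another type should be ignored or rejected.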