On 07/18/2013 06:46 AM, Michal Privoznik wrote:
> On 18.07.2013 01:08, Eric Blake wrote:
>> Commit 75c1256 states that virGetGroupList must not be called
>> between fork and exec, then commit ee777e99 promptly violated
>> that for lxc's use of virSecurityManagerSetProcessLabel. Hoist
>> the supplemental group detection to the time that the security
>> manager is created. Qemu is safe, as it uses
>> virSecurityManagerSetChildProcessLabel which in turn uses
>> virCommand to determine supplemental groups.
>>
>> - if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0)
>> + if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0) {
>> + if (groups)
>> + *groups = NULL;
>> + if (ngroups)
>> + ngroups = 0;
>
> I believe you wanted *ngroups = 0; in here.
>
Indeed. I blame C for treating 0 and NULL interchangeably.
>
> ACK series, but see the issue I'm raising in 2/2.
Thanks; I'll push after fixing that typo.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list