On 07/20/2013 07:40 AM, Doug Goldstein wrote: > On Wed, Jul 17, 2013 at 5:10 AM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote: >> On Mon, Jul 15, 2013 at 03:58:28PM +0200, Michal Privoznik wrote: >>> While generating seclabels, we check the seclabel stack if required >>> driver is in the stack. If not, an error is returned. However, it is >>> possible for a seclabel to not have any model set (happens with LXC >>> domains that have just <seclabel type='none'>). If that's the case, >>> we should just skip the iteration instead of calling STREQ(NULL, ...) >>> and SIGSEGV-ing subsequently. >>> --- >>> src/security/security_manager.c | 3 +++ >> ACK to this one too. Even though we can fix the LXC driver in your >> first patch, adding this second patch is useful crash protection. >> >> Regards, >> Daniel >> -- >> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| >> |: http://libvirt.org -o- http://virt-manager.org :| >> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| >> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| >> > > Ok to push this into v1.1.0-maint as this fixes a crasher for users > with this configuration? Should we also push the 1/2 patch? Yes, go ahead and push both into v1.1.0-maint. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list