On 06/10/2014 12:33 AM, Eric Blake wrote: > On 06/09/2014 08:30 AM, Ján Tomko wrote: >> This fixes startup of a domain with: >> <seclabel type='none' model='dac'/> >> on a host with selinux and dac drivers and >> security_default_confined = 0 >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1105939 >> --- >> src/security/security_selinux.c | 98 ++++++++++++----------------------------- >> 1 file changed, 29 insertions(+), 69 deletions(-) > > Shouldn't there also be a change somewhere under tests/ to ensure that > we parse XML in that situation? I can add a test for parsing: <seclabel type='none' model='dac'/> but the only thing in seclabel XML parsing that depends on the security drivers is the default model that's filled in for <seclabel type='none'/> I'll send it separately as it wouldn't be directly related to the bug. > > Otherwise, this looks like a fairly mechanical conversion of > virDomainDefGetSecurityLabelDef() returning NULL from being a silent > error into being successful; and that makes sense since domain_conf.c > does not report any errors if a label cannot be looked up. ACK. > Thanks, pushed. Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list