Re: [libvirt] [PATCH v2 1/4] security: Refactor virSecurityManagerGenLabel
On Tue, Feb 10, 2015 at 05:17:33PM +0100, Erik Skultety wrote:
Before we generate a security label (security driver with dynamic
labeling) for a domain, we first check for domain's security model
validity. We should also check devices' security model as well,
therefore it might be better to move this chunk of code in a separate function
which would check both the domain's security model and devices' security model.
The addition of this chunk should be a part of this commit. This way it
seems it just disappeared.
This function would of course be called right before we try to
generate
a security label in qemuProcessStart/qemuProcessAttach
---
src/security/security_manager.c | 20 +-------------------
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 302f54d..000bc82 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
{
int ret = -1;
- size_t i, j;
+ size_t i;
virSecurityManagerPtr* sec_managers = NULL;
virSecurityLabelDefPtr seclabel;
bool generated = false;
- if (mgr == NULL || mgr->drv == NULL)
- return ret;
-
Can either of these conditions be true here? If so, we should leave
the check here (possibly add an error message), because GetNested
will dereference them.
If not, they should be cleaned up in a separate patch.
Jan
Attachments:
- signature.asc (application/pgp-signature — 819 bytes)