On Tue, Feb 02, 2010 at 04:20:39PM +0000, Daniel P. Berrange wrote:
If the primary security driver (SELinux/AppArmor) was disabled
then the secondary QEMU DAC security driver was also disabled.
This is mistaken, because the latter must be active at all times.
* src/qemu/qemu_driver.c: Ensure DAC driver is always active
---
src/qemu/qemu_driver.c | 22 ++++++++++++----------
1 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 16e9b56..a9313e7 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -897,26 +897,28 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
int ret;
virSecurityDriverPtr security_drv;
+ qemuSecurityStackedSetDriver(qemud_drv);
+ qemuSecurityDACSetDriver(qemud_drv);
+
ret = virSecurityDriverStartup(&security_drv,
qemud_drv->securityDriverName);
if (ret == -1) {
VIR_ERROR0(_("Failed to start security driver"));
return -1;
}
- /* No security driver wanted to be enabled: just return */
+
+ /* No primary security driver wanted to be enabled: just setup
+ * the DAC driver on its own */
if (ret == -2) {
+ qemud_drv->securityDriver = &qemuDACSecurityDriver;
VIR_INFO0(_("No security driver available"));
- return 0;
+ } else {
+ qemud_drv->securityPrimaryDriver = security_drv;
+ qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
+ qemud_drv->securityDriver = &qemuStackedSecurityDriver;
+ VIR_INFO("Initialized security driver %s", security_drv->name);
}
- qemuSecurityStackedSetDriver(qemud_drv);
- qemuSecurityDACSetDriver(qemud_drv);
-
- qemud_drv->securityPrimaryDriver = security_drv;
- qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
- qemud_drv->securityDriver = &qemuStackedSecurityDriver;
-
- VIR_INFO("Initialized security driver %s", security_drv->name);
return 0;
}
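Review bot: In the `ret == -2` branch the log line still reads "No security driver available" even though the DAC driver has just been installed as `securityDriver`, so anyone reading the log to confirm confinement state is told that nothing is active. A message such as `VIR_INFO0(_("No primary security driver available, using DAC driver only"));` would match the new behaviour. The same branch leaves `securityPrimaryDriver` and `securitySecondaryDriver` unassigned; presumably they remain NULL from driver allocation, so any code that reads them directly instead of going through `securityDriver` should be checked for that case. The start of qemudSecurityInit lies outside the hunk, so this is based only on the lines shown.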
Okay, understood, ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine
http://rpmfind.net/
http://veillard.com/ | virtualization library
http://libvirt.org/