Re: [libvirt] [PATCHv2 2/2] security_dac: compute supplemental groups before fork
On 07/18/2013 06:46 AM, Michal Privoznik wrote:
On 18.07.2013 01:08, Eric Blake wrote:
> Commit 75c1256 states that virGetGroupList must not be called
> between fork and exec, then commit ee777e99 promptly violated
> that for lxc's use of virSecurityManagerSetProcessLabel. Hoist
> the supplemental group detection to the time that the security
> manager is created. Qemu is safe, as it uses
> virSecurityManagerSetChildProcessLabel which in turn uses
> virCommand to determine supplemental groups.
>
> - if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr))
<= 0)
> + if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0) {
> + if (groups)
> + *groups = NULL;
> + if (ngroups)
> + ngroups = 0;
I believe you wanted *ngroups = 0; in here.
Indeed. I blame C for treating 0 and NULL interchangeably.
ACK series, but see the issue I'm raising in 2/2.
Thanks; I'll push after fixing that typo.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 621 bytes)