Re: [libvirt] [PATCH 2/2] virSecurityManagerGenLabel: Skip seclabels without model

While generating seclabels, we check the seclabel stack if required driver is in the stack. If not, an error is returned. However, it is possible for a seclabel to not have any model set (happens with LXC domains that have just <seclabel type='none'>). If that's the case, we should just skip the iteration instead of calling STREQ(NULL, ...) and SIGSEGV-ing subsequently. --- src/security/security_manager.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 6946637..411a909 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -436,6 +436,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virObjectLock(mgr); for (i = 0; i < vm->nseclabels; i++) { + if (!vm->seclabels[i]->model) + continue; + for (j = 0; sec_managers[j]; j++) if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name)) break;