On Thu, Feb 12, 2015 at 06:32:40PM +0100, Erik Skultety wrote:
We do have a check for valid per-domain security model, however we still do permit an invalid security model for a domain's device (those which are specified with <source> element). This patch introduces a new function virSecurityManagerCheckAllLabel which compares user specified security model against currently registered security drivers. That being said, it also permits 'none' being specified as a device security model.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485 --- src/libvirt_private.syms | 1 + src/lxc/lxc_process.c | 3 ++ src/qemu/qemu_process.c | 6 +++ src/security/security_manager.c | 89 +++++++++++++++++++++++++++++++++++++++++ src/security/security_manager.h | 2 + 5 files changed, 101 insertions(+)
ACK
+static int virSecurityManagerCheckSecurityModel(char *secmodel, + void *opaque)
Only callbacks should use void *opaque. The redundant 'Security' occurs twice in the function names. I fixed the parameter types, and removed the extra word to save some screen space and pushed the patch. Jan