On Wed, Jul 17, 2013 at 5:10 AM, Daniel P. Berrange <berrange(a)redhat.com> wrote:
On Mon, Jul 15, 2013 at 03:58:28PM +0200, Michal Privoznik wrote:
> While generating seclabels, we check the seclabel stack if required
> driver is in the stack. If not, an error is returned. However, it is
> possible for a seclabel to not have any model set (happens with LXC
> domains that have just <seclabel type='none'>). If that's the case,
> we should just skip the iteration instead of calling STREQ(NULL, ...)
> and SIGSEGV-ing subsequently.
> ---
> src/security/security_manager.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 6946637..411a909 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -436,6 +436,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
>
> virObjectLock(mgr);
> for (i = 0; i < vm->nseclabels; i++) {
> + if (!vm->seclabels[i]->model)
> + continue;
> +
> for (j = 0; sec_managers[j]; j++)
> if (STREQ(vm->seclabels[i]->model,
sec_managers[j]->drv->name))
> break;
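Review bot: the new `if (!vm->seclabels[i]->model) continue;` at the top of the outer loop has no comment saying when a seclabel may legitimately lack a model, so the skip reads like a bypass of the driver-in-stack check that follows it. A one-line comment naming the `<seclabel type='none'>` case from the commit message would make the intent clear. As written, the guard also exempts every model-less label from that check, whatever the reason the model is missing, so it is worth confirming that `type='none'` is the only way `model` can be NULL here, or else limiting the skip to that case and letting other model-less labels reach the existing error path.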
ACK to this one too. Even though we can fix the LXC driver in your
first patch, adding this second patch is useful crash protection.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Ok to push this into v1.1.0-maint as this fixes a crasher for users
with this configuration? Should we also push the 1/2 patch?
--
Doug Goldstein