
On 02/07/2012 01:10 PM, Jiri Denemark wrote:
In case the caller specifies that confined guests are required but the security driver turns out to be 'none', we should return an error since this driver clearly cannot meet that requirement. As a result of this error, libvirtd fails to start when the host admin explicitly sets confined guests are required but there is no security driver available.
Since security driver 'none' cannot create confined guests, we override default confined setting so that hypervisor drivers do not thing they
s/thing/think/
should create confined guests.
---
 src/security/security_manager.c | 20 ++++++++++++++++++++
 tests/seclabeltest.c | 2 +-
 2 files changed, 21 insertions(+), 1 deletions(-)
ACK that this fixes the issue, but I'm wondering whether we should move the logic that rejects requireConfig out of security_manager.c and into security_nop.c:virSecurityDriverOpenNop(). That is, the special casing is a property of the 'none' security manager. Is it worth a v2 patch that moves the error messages in that manner?
+++ b/tests/seclabeltest.c @@ -13,7 +13,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) virSecurityManagerPtr mgr; const char *doi, *model;
- mgr = virSecurityManagerNew(NULL, false, true, true); + mgr = virSecurityManagerNew(NULL, false, true, false);
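Review bot: In tests/seclabeltest.c the last positional argument to virSecurityManagerNew() flips from true to false with nothing at the call site saying which boolean it is; a short comment naming that parameter would make the intent checkable without opening the implementation. The diffstat shows this one-line change is the only test update, so the new error path described in the commit message (confined guests required while the driver is 'none') is not exercised; consider adding a case that expects virSecurityManagerNew() to fail for that combination.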
And here's a classic example that proves Laine's point that any interface with more than one bool parameter is hard to read (you have to check the implementation), compared to consolidating those into a flags argument. But no need to change the signature for this particular patch.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
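An added example, not libvirt code and not part of this thread: a minimal C sketch of the two ideas discussed above, with the 'none' driver's own open hook refusing a require-confined request (fail closed) and a single flags argument replacing the positional bools. All names (`sec_manager`, `sec_manager_new`, `sec_nop_open`, the `SEC_*` flags) are hypothetical, and a NULL driver name is assumed to mean that no confining driver was found.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical flag names: one flags word instead of several positional bools,
 * so every call site names the options it turns on. */
enum {
    SEC_ALLOW_DISK_PROBE = 1 << 0,
    SEC_DEFAULT_CONFINED = 1 << 1,
    SEC_REQUIRE_CONFINED = 1 << 2,
};

struct sec_manager {
    const char *driver;      /* "none" or the name of a confining driver */
    bool default_confined;
    bool require_confined;
};

/* Open hook of the 'none' driver. It cannot confine any guest, so the
 * refusal lives in the driver that has the limitation. */
static int sec_nop_open(struct sec_manager *mgr)
{
    if (mgr->require_confined)
        return -1;                  /* fail closed: requirement cannot be met */
    mgr->default_confined = false;  /* callers must not assume confinement */
    return 0;
}

/* Hypothetical constructor. Returns 0 on success, -1 when the selected
 * driver cannot satisfy the requested policy. */
int sec_manager_new(struct sec_manager *mgr, const char *driver, unsigned flags)
{
    memset(mgr, 0, sizeof(*mgr));
    /* Assumption: NULL means no confining driver was found, i.e. 'none'. */
    mgr->driver = driver ? driver : "none";
    mgr->default_confined = (flags & SEC_DEFAULT_CONFINED) != 0;
    mgr->require_confined = (flags & SEC_REQUIRE_CONFINED) != 0;
    if (strcmp(mgr->driver, "none") == 0)
        return sec_nop_open(mgr);
    return 0;   /* a confining driver would run its own open hook here */
}
```
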