On 04/02/2014 06:44 AM, Ján Tomko wrote:
Every security driver has domainGenSecurityLabel defined.
As currently written. But Dan wrote the manager to be flexible to
future drivers that omit obvious functions.
This patch makes sense for silencing Coverity, but I think it is
incomplete unless you also fix the registration with the manager to
forcefully require that all drivers supply callback functions that we
are going to blindly assume exist, rather than the current status quo of
allowing a driver to omit callbacks even if none of them do. That is,
virSecurityManagerNewDriver() should be taught to require
drv->domainGenSecurityLabel is non-NULL.
Coverity complains about a possible leak of seclabel if
!sec_managers[i]->drv->domainGenSecurityLabel is true
and the seclabel might be overwritten by the next iteration
of the loop.
---
src/security/security_manager.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org