From: Michal Privoznik <mprivozn@redhat.com>
Ever since of commit v1.2.13-rc1~66 the model attribute of a <seclabel/> is validated against secdriver names enabled. In nearly all cases this is something users want so that domain XML does not claim to set seclabels of a model that's not enabled. However, consider the following seclabel:
<seclabel type='none' model='selinux'/>
It tells us to not bother setting selinux labels on given domain. A mgmt app might format this into domain XML if it sees selinux is disabled on the host. But if that's the case, selinux driver is not loaded and this virSecurityManagerCheckModel() doesn't find it and reports an error. Well, the error doesn't need to be reported as we will just ignore selinux as each driver callback checks if relabel is false (which it is for type='none'). This is true for other secdrivers too.
Resolves: https://redhat.atlassian.net/browse/RHEL-156689
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_manager.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index f2f3bb4f19..7023ac2db8 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -727,7 +727,8 @@ virSecurityManagerReleaseLabel(virSecurityManager *mgr,
 static int
 virSecurityManagerCheckModel(virSecurityManager *mgr,
-                             char *secmodel)
+                             char *secmodel,
+                             bool relabel)
 {
     g_autofree virSecurityManager **sec_managers = NULL;
     size_t i;
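Review bot: Since the signature of virSecurityManagerCheckModel is being changed anyway, this is the moment to qualify the model name as `const char *secmodel` next to the new `bool relabel` parameter; in the visible hunks `secmodel` is only compared with STREQ_NULLABLE and printed, never written through, and the callers in the later hunks pass `def->seclabels[i]->model`, which converts implicitly. If the function has a header comment above this hunk it should also describe what `relabel` changes, i.e. that a model whose driver is not loaded is tolerated when no relabeling is requested. The function body continues outside this hunk.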
@@ -744,6 +745,19 @@ static int virSecurityManagerCheckModel(virSecurityManager *mgr,
         }
     }
 
+    if (relabel == false) {
+        const char * const knownModels[] = {
+            "none", "apparmor", "dac", "selinux"
+        };
+
+        for (i = 0; i < G_N_ELEMENTS(knownModels); i++) {
+            if (STREQ_NULLABLE(secmodel, knownModels[i])) {
+                VIR_INFO("Ignoring seclabel with model %s and relabel=no", secmodel);
+                return 0;
+            }
+        }
+    }
+
     virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                    _("Security driver model '%1$s' is not available"),
                    secmodel);
@@ -758,8 +772,11 @@ virSecurityManagerCheckDomainLabel(virSecurityManager *mgr,
     size_t i;
 
     for (i = 0; i < def->nseclabels; i++) {
-        if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < 0)
+        if (virSecurityManagerCheckModel(mgr,
+                                         def->seclabels[i]->model,
+                                         def->seclabels[i]->relabel) < 0) {
             return -1;
+        }
     }
 
     return 0;
@@ -773,8 +790,11 @@ virSecurityManagerCheckDiskLabel(virSecurityManager *mgr,
     size_t i;
 
     for (i = 0; i < disk->src->nseclabels; i++) {
-        if (virSecurityManagerCheckModel(mgr, disk->src->seclabels[i]->model) < 0)
+        if (virSecurityManagerCheckModel(mgr,
+                                         disk->src->seclabels[i]->model,
+                                         disk->src->seclabels[i]->relabel) < 0) {
             return -1;
+        }
     }
 
     return 0;
@@ -788,8 +808,11 @@ virSecurityManagerCheckChardevLabel(virSecurityManager *mgr,
     size_t i;
 
     for (i = 0; i < dev->source->nseclabels; i++) {
-        if (virSecurityManagerCheckModel(mgr, dev->source->seclabels[i]->model) < 0)
+        if (virSecurityManagerCheckModel(mgr,
+                                         dev->source->seclabels[i]->model,
+                                         dev->source->seclabels[i]->relabel) < 0) {
             return -1;
+        }
     }
 
     return 0;
-- 
2.52.0
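Review bot: The new `if (relabel == false)` branch turns what used to be a hard configuration error into an accepted label for four model names whose driver is not loaded, and the reason this is safe (every driver callback checks relabel before touching anything, so an unloaded driver is equivalent to a loaded one doing nothing) exists only in the commit message; it belongs in the code, e.g. `/* Tolerate an unloaded driver when no relabeling was requested: every driver honors relabel=no, so nothing would be done anyway. Unknown names are still rejected so typos in model= do not pass silently. */` above the branch. The allowlist `knownModels` is a second copy of the driver name set that must be kept in sync by hand whenever a security driver is added or renamed, which is worth a comment on the array as well. Style-wise the file's idiom is `if (!relabel)` rather than a comparison against `false`, as far as I can tell. The three call-site hunks below merely thread the existing `relabel` flag through and need no separate note.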