On 12/4/20 12:25 AM, Jim Fehlig wrote:
Attempting to create a lxc domain with <seclabel type='none'/> fails
virsh --connect lxc:/// create distro_nosec.xml error: Failed to create domain from distro_nosec.xml error: unsupported configuration: Security driver model '(null)' is not available
The lxc driver does not set a default security driver model in the XML parser config, causing seclabels of type='none' to have a null model. The lxc driver's security manager is initialized in lxcStateInitialize() by calling lxcSecurityInit(). Use the model of this manager as the default in the XML parser config.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> ---
Kind'a, sort'a a V2 of
https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html
It's quite a different approach to solving the problem than that patch.
src/lxc/lxc_conf.c | 3 ++- src/lxc/lxc_conf.h | 3 ++- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 5 ++++- tests/testutilslxc.c | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-)
}
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d0503ef2ea..9d94c703ea 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged, { virLXCDriverConfigPtr cfg = NULL; bool autostart = true; + const char *defsecmodel;
if (root != NULL) { virReportError(VIR_ERR_INVALID_ARG, "%s", @@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged, if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault())) goto cleanup;
- if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver))) + defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager); +
Some trailing spaces.
+ if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel))) goto cleanup;
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal