Re: [PATCH] lxc: Set default security model in XML parser config

Attempting to create a lxc domain with <seclabel type='none'/> fails virsh --connect lxc:/// create distro_nosec.xml error: Failed to create domain from distro_nosec.xml error: unsupported configuration: Security driver model '(null)' is not available The lxc driver does not set a default security driver model in the XML parser config, causing seclabels of type='none' to have a null model. The lxc driver's security manager is initialized in lxcStateInitialize() by calling lxcSecurityInit(). Use the model of this manager as the default in the XML parser config. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com&gt; --- Kind'a, sort'a a V2 of https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html It's quite a different approach to solving the problem than that patch. src/lxc/lxc_conf.c | 3 ++- src/lxc/lxc_conf.h | 3 ++- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 5 ++++- tests/testutilslxc.c | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) }

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d0503ef2ea..9d94c703ea 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged, { virLXCDriverConfigPtr cfg = NULL; bool autostart = true; + const char *defsecmodel; if (root != NULL) { virReportError(VIR_ERR_INVALID_ARG, "%s", @@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged, if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault())) goto cleanup; - if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver))) + defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager); +

+ if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel))) goto cleanup;