Re: [libvirt] [PATCH] Fix crash in SELinuxSecurityVerify

When attempting to edit a domain, libvirtd segfaulted in SELinuxSecurityVerify() on this line: if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { because secdef->model was NULL. Although I'm too tired to investigate in depth, I noticed that all the other functions in that file that do the same STREQ() will first check that def->seclabel.label is non-NULL, but this function doesn't. I also noticed that label *is* NULL in my case, so I tried adding that check to SELinuxSecurityVerify(), and the crash goes away. I have no idea if this is the correct fix, but it allowed me to continue my testing of a new (unrelated) feature. --- src/security/security_selinux.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index d06afde..b97ca4c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -871,6 +871,10 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr def) { const virSecurityLabelDefPtr secdef = &def->seclabel; + + if (def->seclabel.label == NULL) + return 0; + if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("security label driver mismatch: "