[libvirt] [PATCH 1/1] lxc: allow fallback to no apparmor.

Friday, 19 September 2014

The security_driver line in /etc/libvirt/qemu.conf is best-effort - if
selinux is not available on the host, then 'none' will be used.

The security_driver line in /etc/libvirt/lxc.conf doesn't behave the
same way - if apparmor is specified but policies are not available
on the host, then container creation fails.

This patch always tries to fall back to 'none' if the requested
driver is not available.  A better patch would allow an option list
like qemu.conf allows, but this patch doesn't do that.

Signed-off-by: Serge Hallyn <serge.hallyn(a)ubuntu.com&gt;
---
 src/lxc/lxc_driver.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index c3cd62c..233e558 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1541,6 +1541,11 @@ lxcSecurityInit(virLXCDriverConfigPtr cfg)
                                                       cfg->securityDefaultConfined,
                                                       cfg->securityRequireConfined);
     if (!mgr)
+        mgr = virSecurityManagerNew(NULL, LXC_DRIVER_NAME, false,
+                                                      cfg->securityDefaultConfined,
+                                                      cfg->securityRequireConfined);
+
+    if (!mgr)
         goto error;
 
     return mgr;
-- 
2.1.0


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH 1/1] lxc: allow fallback to no apparmor.