[libvirt] [PATCH] Don't error when attaching security label of model "none"

If you invoke virDomainLxcEnterSecurityLabel() on security model of "none" it will report an error. Logically a "none" security model should be treated as a no-op, so we should just return success immediately, instead of an error. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/libvirt-lxc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c index 16e08e9..c487ece 100644 --- a/src/libvirt-lxc.c +++ b/src/libvirt-lxc.c @@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model, _("Support for AppArmor is not enabled")); goto error; #endif + } else if (STREQ(model->model, "none")) { + /* nothing todo */ } else { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, _("Security model %s cannot be entered"), -- 2.7.4
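Review bot: the new `else if (STREQ(model->model, "none"))` branch makes the call succeed without applying any label, so a caller that treats a successful virDomainLxcEnterSecurityLabel() as evidence that it is now confined gets no signal that nothing was entered. The function's API documentation should state that a "none" model is accepted as a no-op, so that callers needing confinement know to inspect model->model themselves. The comment inside the branch also has a typo: `/* nothing todo */` should read `/* nothing to do */`.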

On Wed, Jul 13, 2016 at 11:18:28AM +0100, Daniel P. Berrange wrote:
> If you invoke virDomainLxcEnterSecurityLabel() on security model of "none" it will report an error. Logically a "none" security model should be treated as a no-op, so we should just return success immediately, instead of an error.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  src/libvirt-lxc.c | 2 ++
>  1 file changed, 2 insertions(+)
ACK for this, just one question though. Shouldn't there be support for DAC as well or is that done by default somewhere else?
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c index 16e08e9..c487ece 100644 --- a/src/libvirt-lxc.c +++ b/src/libvirt-lxc.c @@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model, _("Support for AppArmor is not enabled")); goto error; #endif + } else if (STREQ(model->model, "none")) { + /* nothing todo */ } else { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, _("Security model %s cannot be entered"), -- 2.7.4

On Wed, Jul 13, 2016 at 01:47:52PM +0200, Martin Kletzander wrote:
> On Wed, Jul 13, 2016 at 11:18:28AM +0100, Daniel P. Berrange wrote:
>> If you invoke virDomainLxcEnterSecurityLabel() on security model of "none" it will report an error. Logically a "none" security model should be treated as a no-op, so we should just return success immediately, instead of an error.
>>
>> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>> ---
>>  src/libvirt-lxc.c | 2 ++
>>  1 file changed, 2 insertions(+)
>
> ACK for this, just one question though. Shouldn't there be support for DAC as well or is that done by default somewhere else?
This is only used with LXC right now, and that doesn't use the DAC security driver.

Regards,
Daniel