[libvirt] [PATCH] Fix crash in SELinuxSecurityVerify
Osier Yang
jyang at redhat.com
Thu Jan 13 06:11:28 UTC 2011
于 2011年01月13日 13:30, Laine Stump 写道:
> When attempting to edit a domain, libvirtd segfaulted in
> SELinuxSecurityVerify() on this line:
>
> if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
>
> because secdef->model was NULL.
There is STREQ_NULLABLE defined in internal.h, but seems it's
never used.
Although I'm too tired to investigate
> in depth, I noticed that all the other functions in that file that do
> the same STREQ() will first check that def->seclabel.label is
> non-NULL, but this function doesn't. I also noticed that label *is*
> NULL in my case, so I tried adding that check to
> SELinuxSecurityVerify(), and the crash goes away.
>
> I have no idea if this is the correct fix, but it allowed me to
> continue my testing of a new (unrelated) feature.
> ---
> src/security/security_selinux.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index d06afde..b97ca4c 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -871,6 +871,10 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> virDomainDefPtr def)
> {
> const virSecurityLabelDefPtr secdef =&def->seclabel;
> +
> + if (def->seclabel.label == NULL)
> + return 0;
> +
> if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
> virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
> _("security label driver mismatch: "
More information about the libvir-list
mailing list