[libvirt] [PATCH] Remove re-entrant API call in SELinux/AppArmor security managers

Eric Blake eblake at redhat.com
Mon Feb 11 15:59:25 UTC 2013


On 02/11/2013 07:50 AM, Richard W.M. Jones wrote:
> On Mon, Feb 11, 2013 at 02:26:15PM +0000, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" <berrange at redhat.com>
>>
>> The security manager drivers are not allowed to call back
>> out to top level security manager APIs, since that results
>> in recursive mutex acquisition and thus deadlock. Remove
>> calls to virSecurityManagerGetModel from SELinux / AppArmor
>> drivers
>>

> 
> The patch causes the following warning:
> 
> security/security_selinux.c: In function 'virSecuritySELinuxSetSecurityProcessLabel':
> security/security_selinux.c:1826:65: error: unused parameter 'mgr' [-Werror=unused-parameter]

These can be fixed by adding ATTRIBUTE_UNUSED in the function signature.

> I switched off warnings and compiled libvirt with the patch anyway,
> and it fixed the problem for me (both libvirtd not being able to be
> killed, and libvirtd not starting up the libguestfs appliance).

I concur with the patch; ACK with the warnings addressed.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130211/8dfdc779/attachment-0001.sig>


More information about the libvir-list mailing list