
Re: [libvirt] [PATCH 2/2] virSecurityManagerGenLabel: Skip seclabels without model



On Wed, Jul 17, 2013 at 5:10 AM, Daniel P. Berrange <berrange redhat com> wrote:
> On Mon, Jul 15, 2013 at 03:58:28PM +0200, Michal Privoznik wrote:
>> While generating seclabels, we check the seclabel stack if required
>> driver is in the stack. If not, an error is returned. However, it is
>> possible for a seclabel to not have any model set (happens with LXC
>> domains that have just <seclabel type='none'>). If that's the case,
>> we should just skip the iteration instead of calling STREQ(NULL, ...)
>> and SIGSEGV-ing subsequently.
>> ---
>>  src/security/security_manager.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
>> index 6946637..411a909 100644
>> --- a/src/security/security_manager.c
>> +++ b/src/security/security_manager.c
>> @@ -436,6 +436,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
>>
>>      virObjectLock(mgr);
>>      for (i = 0; i < vm->nseclabels; i++) {
>> +        if (!vm->seclabels[i]->model)
>> +            continue;
>> +
>>          for (j = 0; sec_managers[j]; j++)
>>              if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
>>                  break;
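
Review bot: The new `if (!vm->seclabels[i]->model) continue;` at the top of the outer loop skips every seclabel whose model is NULL, whatever its type, while the commit message only justifies the skip for `<seclabel type='none'>`. A model-less entry of any other type would now be passed over silently, with no label generated and no error returned, which is a quieter failure than the crash it replaces. Consider limiting the skip to the type='none' case (or emitting a debug message when an entry is skipped), and add a short comment above the check explaining why a NULL model is legitimate here, since the `STREQ(vm->seclabels[i]->model, ...)` call just below otherwise reads as if model were always set.
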
>
> ACK to this one too. Even though we can fix the LXC driver in your
> first patch, adding this second patch is useful crash protection.
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
>

Ok to push this into v1.1.0-maint as this fixes a crasher for users
with this configuration? Should we also push the 1/2 patch?

-- 
Doug Goldstein

