virSecurityManagerGenLabel: Skip seclabels without model

While generating seclabels, we check the seclabel stack if required
driver is in the stack. If not, an error is returned. However, it is
possible for a seclabel to not have any model set (happens with LXC
domains that have just <seclabel type='none'>). If that's the case,
we should just skip the iteration instead of calling STREQ(NULL, ...)
and SIGSEGV-ing subsequently.
(cherry picked from commit ba44dd2453d486e9eb8c6204f8d7c31d07007d8f)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index dd3ca370fd7a5040f095deb1cd82a9e46066004d..6e8df644fb21f14cb53fc5c427f07b9c0711c86b 100644 (file)
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -450,6 +450,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 
     virObjectLock(mgr);
     for (i = 0; i < vm->nseclabels; i++) {
+        if (!vm->seclabels[i]->model)
+            continue;
+
         for (j = 0; sec_managers[j]; j++)
             if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
                 break;