security_dac: Don't return uninitialised value when parsing seclabels

When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.

With this patch, default values (from qemu driver configuration)
are used if the label is not found.

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 4162e26b7e68f3b1e6f0f11370fa1bce6840c945..252775924264dd23c3cfd0f2f61d177f11079d12 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
         return -1;
 
     seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
-    if (seclabel == NULL) {
+    if (seclabel == NULL || seclabel->label == NULL) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("security label for DAC not found in domain %s"),
                        def->name);