Ensure QEMU DAC security driver is activated at all times
authorDaniel P. Berrange <berrange@redhat.com>
Tue, 2 Feb 2010 16:19:20 +0000 (16:19 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 2 Feb 2010 19:14:31 +0000 (19:14 +0000)
If the primary security driver (SELinux/AppArmor) was disabled
then the secondary QEMU DAC security driver was also disabled.
This is mistaken, because the latter must be active at all times.

* src/qemu/qemu_driver.c: Ensure DAC driver is always active

src/qemu/qemu_driver.c

index 7de3e1bbcaac97641756f9b1ed2dadc12828b92f..1e796ef6b9d14b477624337195650dea52a138c5 100644 (file)
@@ -906,26 +906,28 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
     int ret;
     virSecurityDriverPtr security_drv;
 
+    qemuSecurityStackedSetDriver(qemud_drv);
+    qemuSecurityDACSetDriver(qemud_drv);
+
     ret = virSecurityDriverStartup(&security_drv,
                                    qemud_drv->securityDriverName);
     if (ret == -1) {
         VIR_ERROR0(_("Failed to start security driver"));
         return -1;
     }
-    /* No security driver wanted to be enabled: just return */
+
+    /* No primary security driver wanted to be enabled: just setup
+     * the DAC driver on its own */
     if (ret == -2) {
+        qemud_drv->securityDriver = &qemuDACSecurityDriver;
         VIR_INFO0(_("No security driver available"));
-        return 0;
+    } else {
+        qemud_drv->securityPrimaryDriver = security_drv;
+        qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
+        qemud_drv->securityDriver = &qemuStackedSecurityDriver;
+        VIR_INFO("Initialized security driver %s", security_drv->name);
     }
 
-    qemuSecurityStackedSetDriver(qemud_drv);
-    qemuSecurityDACSetDriver(qemud_drv);
-
-    qemud_drv->securityPrimaryDriver = security_drv;
-    qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
-    qemud_drv->securityDriver = &qemuStackedSecurityDriver;
-
-    VIR_INFO("Initialized security driver %s", security_drv->name);
     return 0;
 }
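Review bot: In the `ret == -2` branch the log line still reads "No security driver available", although the DAC driver has just been installed as `securityDriver`, so anyone auditing the log would conclude that guests run with no confinement at all. I would reword it to `VIR_INFO0(_("No primary security driver available, using DAC driver only"));`. The same branch never assigns `securityPrimaryDriver` or `securitySecondaryDriver`, while `qemuSecurityStackedSetDriver(qemud_drv)` now runs unconditionally. If this function can be reached with those fields already populated (not visible here), stale pointers would survive, so an explicit `qemud_drv->securityPrimaryDriver = NULL;` and `qemud_drv->securitySecondaryDriver = NULL;` would make the state unambiguous. The opening of qemudSecurityInit lies outside the hunk, so how the struct is initialised before this point should be confirmed against the full file.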