lxc: Set default security model in XML parser config

Attempting to create a lxc domain with <seclabel type='none'/> fails

virsh --connect lxc:/// create distro_nosec.xml
error: Failed to create domain from distro_nosec.xml
error: unsupported configuration: Security driver model '(null)' is not available

Commit 638ffa2228 adjusted the logic for setting a driver's default
security model.

The lxc driver does not set a default security driver model in the XML
parser config, causing seclabels of type='none' to have a null model.
The lxc driver's security manager is initialized in lxcStateInitialize()
by calling lxcSecurityInit(). Use the model of this manager as the
default in the XML parser config.

For the record, this is a regression caused by commit 638ffa2228, which
changed the logic for setting a driver's default security model. The
qemu driver was adjusted accordingly, but a similar change was missed
in the lxc driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
index 13da6c4586e2c5947361bfa600d8814193f8fdb8..e6ad91205e2ecee79dae1e7da3fa5a2c0acdbe42 100644 (file)
--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -209,9 +209,10 @@ virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
 
 
 virDomainXMLOptionPtr
-lxcDomainXMLConfInit(virLXCDriverPtr driver)
+lxcDomainXMLConfInit(virLXCDriverPtr driver, const char *defsecmodel)
 {
     virLXCDriverDomainDefParserConfig.priv = driver;
+    virLXCDriverDomainDefParserConfig.defSecModel = defsecmodel;
     return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig,
                                  &virLXCDriverPrivateDataCallbacks,
                                  &virLXCDriverDomainXMLNamespace,

diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
index f2f0e0a570c09225f176ae15a8ff4d4e03018e3b..664bafc7b94da40f37a8e32b0db8d3c2334235f6 100644 (file)
--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -112,7 +112,8 @@ int virLXCLoadDriverConfig(virLXCDriverConfigPtr cfg,
 virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver);
 virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
                                        bool refresh);
-virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver);
+virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver,
+                                           const char *defsecmodel);
 
 static inline void lxcDriverLock(virLXCDriverPtr driver)
 {

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 97de0408b67802d6c56b3c7688aba48b43e4d33b..67e5e63d0026a7b1cffed357809a93b4d5117068 100644 (file)
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -169,7 +169,7 @@ virLXCControllerDriverNew(void)
     }
 
     driver->caps = virLXCDriverCapsInit(NULL);
-    driver->xmlopt = lxcDomainXMLConfInit(driver);
+    driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
 
     return driver;
 }

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index d0503ef2eae900455facca1df94f0f8493015b3e..b1295e71daf1befc9b92cc5a3dc639ac94a73da4 100644 (file)
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged,
 {
     virLXCDriverConfigPtr cfg = NULL;
     bool autostart = true;
+    const char *defsecmodel;
 
     if (root != NULL) {
         virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged,
     if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault()))
         goto cleanup;
 
-    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver)))
+    defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager);
+
+    if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel)))
         goto cleanup;
 
     if (!(lxc_driver->closeCallbacks = virCloseCallbacksNew()))

diff --git a/tests/testutilslxc.c b/tests/testutilslxc.c
index b5e2f542e7c1353ef9502cb3ba1415f146d19609..e15ea2bd328f5b4aab5adb6f809714afb344bbdd 100644 (file)
--- a/tests/testutilslxc.c
+++ b/tests/testutilslxc.c
@@ -71,7 +71,7 @@ testLXCDriverInit(void)
     }
 
     driver->caps = testLXCCapsInit();
-    driver->xmlopt = lxcDomainXMLConfInit(driver);
+    driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
 
     return driver;
 }