From: Peter Krempa Date: Tue, 28 Aug 2012 16:29:38 +0000 (+0200) Subject: security_dac: Don't return uninitialised value when parsing seclabels X-Git-Tag: v0.10.0~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c2f5e3ede67e9349c68422ef2d867cb64ef4329;p=thirdparty%2Flibvirt.git security_dac: Don't return uninitialised value when parsing seclabels When starting a machine the DAC security driver tries to set the UID and GID of the newly spawned process. This worked as desired if the desired label was set. When the label was missing a logical bug in virSecurityDACGenLabel() caused that uninitialised values were used as uid and gid for the new process. With this patch, default values (from qemu driver configuration) are used if the label is not found. --- diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4162e26b7e..2527759242 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr) return -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (seclabel == NULL) { + if (seclabel == NULL || seclabel->label == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label for DAC not found in domain %s"), def->name);