rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity
0b3a0a1f93
libvirt/cf4e7e62-lxc-def-secmodel.patch
James Fehlig 0b3a0a1f93 - apparmor: Allow lxc processes to receive signals from libvirt 
lxc: Set default security model in XML parser config
  0d05d51b-apparmor-lxc-fix.patch, cf4e7e62-lxc-def-secmodel.patch
  bsc#1179735

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=863
2020-12-07 23:13:45 +00:00

109 lines
4.4 KiB
Diff
Raw Blame History

commit cf4e7e620a3ecd109f23c8cdb577893d0e088201
Author: Jim Fehlig <jfehlig@suse.com>
Date: Thu Dec 3 11:55:24 2020 -0700
lxc: Set default security model in XML parser config
Attempting to create a lxc domain with <seclabel type='none'/> fails
virsh --connect lxc:/// create distro_nosec.xml
error: Failed to create domain from distro_nosec.xml
error: unsupported configuration: Security driver model '(null)' is not available
Commit 638ffa2228 adjusted the logic for setting a driver's default
security model.
The lxc driver does not set a default security driver model in the XML
parser config, causing seclabels of type='none' to have a null model.
The lxc driver's security manager is initialized in lxcStateInitialize()
by calling lxcSecurityInit(). Use the model of this manager as the
default in the XML parser config.
For the record, this is a regression caused by commit 638ffa2228, which
changed the logic for setting a driver's default security model. The
qemu driver was adjusted accordingly, but a similar change was missed
in the lxc driver.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Index: libvirt-6.10.0/src/lxc/lxc_conf.c
===================================================================
--- libvirt-6.10.0.orig/src/lxc/lxc_conf.c
+++ libvirt-6.10.0/src/lxc/lxc_conf.c
@@ -209,9 +209,10 @@ virCapsPtr virLXCDriverGetCapabilities(v
virDomainXMLOptionPtr
-lxcDomainXMLConfInit(virLXCDriverPtr driver)
+lxcDomainXMLConfInit(virLXCDriverPtr driver, const char *defsecmodel)
{
virLXCDriverDomainDefParserConfig.priv = driver;
+ virLXCDriverDomainDefParserConfig.defSecModel = defsecmodel;
return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig,
&virLXCDriverPrivateDataCallbacks,
&virLXCDriverDomainXMLNamespace,
Index: libvirt-6.10.0/src/lxc/lxc_conf.h
===================================================================
--- libvirt-6.10.0.orig/src/lxc/lxc_conf.h
+++ libvirt-6.10.0/src/lxc/lxc_conf.h
@@ -112,7 +112,8 @@ int virLXCLoadDriverConfig(virLXCDriverC
virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver);
virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver,
bool refresh);
-virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver);
+virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver,
+ const char *defsecmodel);
static inline void lxcDriverLock(virLXCDriverPtr driver)
{
Index: libvirt-6.10.0/src/lxc/lxc_controller.c
===================================================================
--- libvirt-6.10.0.orig/src/lxc/lxc_controller.c
+++ libvirt-6.10.0/src/lxc/lxc_controller.c
@@ -169,7 +169,7 @@ virLXCControllerDriverNew(void)
}
driver->caps = virLXCDriverCapsInit(NULL);
- driver->xmlopt = lxcDomainXMLConfInit(driver);
+ driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
return driver;
}
Index: libvirt-6.10.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-6.10.0.orig/src/lxc/lxc_driver.c
+++ libvirt-6.10.0/src/lxc/lxc_driver.c
@@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privi
{
virLXCDriverConfigPtr cfg = NULL;
bool autostart = true;
+ const char *defsecmodel;
if (root != NULL) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privi
if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault()))
goto cleanup;
- if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver)))
+ defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager);
+
+ if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel)))
goto cleanup;
if (!(lxc_driver->closeCallbacks = virCloseCallbacksNew()))
Index: libvirt-6.10.0/tests/testutilslxc.c
===================================================================
--- libvirt-6.10.0.orig/tests/testutilslxc.c
+++ libvirt-6.10.0/tests/testutilslxc.c
@@ -71,7 +71,7 @@ testLXCDriverInit(void)
}
driver->caps = testLXCCapsInit();
- driver->xmlopt = lxcDomainXMLConfInit(driver);
+ driver->xmlopt = lxcDomainXMLConfInit(driver, NULL);
return driver;
}
View Git Blame Copy Permalink