提交 281a7f1d 编写于 作者: J Jim Fehlig

apparmor: avoid copying empty profile name

AppArmorGetSecurityProcessLabel copies the VM's profile name to the
label member of virSecurityLabel struct. If the profile is not loaded,
the name is set empty before calling virStrcpy to copy it. However,
virStrcpy will fail if src is empty (0 length), causing
AppArmorGetSecurityProcessLabel to needlessly fail. Simple operations
that report security driver information will subsequently fail

virsh dominfo test
Id:             248
Name:           test
...
Security model: apparmor
Security DOI:   0
error: internal error: error copying profile name

Avoid copying an empty profile name when the profile is not loaded.
Signed-off-by: NJim Fehlig <jfehlig@suse.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
上级 d6b144b1
...@@ -525,14 +525,13 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, ...@@ -525,14 +525,13 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
"%s", _("error getting profile status")); "%s", _("error getting profile status"));
goto cleanup; goto cleanup;
} else if (status == -1) { } else if (status == -1) {
profile_name[0] = '\0'; sec->label[0] = '\0';
} } else {
if (virStrcpy(sec->label, profile_name, VIR_SECURITY_LABEL_BUFLEN) < 0) {
if (virStrcpy(sec->label, profile_name, virReportError(VIR_ERR_INTERNAL_ERROR,
VIR_SECURITY_LABEL_BUFLEN) < 0) { "%s", _("error copying profile name"));
virReportError(VIR_ERR_INTERNAL_ERROR, goto cleanup;
"%s", _("error copying profile name")); }
goto cleanup;
} }
sec->enforcing = status == 1; sec->enforcing = status == 1;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册