security_dac: Don't return uninitialised value when parsing seclabels

When starting a machine the DAC security driver tries to set the UID and GID of the newly spawned process. This worked as desired if the desired label was set. When the label was missing a logical bug in virSecurityDACGenLabel() caused that uninitialised values were used as uid and gid for the new process. With this patch, default values (from qemu driver configuration) are used if the label is not found.

security_dac: Don't return uninitialised value when parsing seclabels
When starting a machine the DAC security driver tries to set the UID and GID of the newly spawned process. This worked as desired if the desired label was set. When the label was missing a logical bug in virSecurityDACGenLabel() caused that uninitialised values were used as uid and gid for the new process. With this patch, default values (from qemu driver configuration) are used if the label is not found.
3c2f5e3e · Peter Krempa · f2b241e6 · 3c2f5e3e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

src/security/security_dac.c src/security/security_dac.c +1 -1

未找到文件。
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
        return -1;

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
-    if (seclabel == NULL) {
+    if (seclabel == NULL || seclabel->label == NULL) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("security label for DAC not found in domain %s"),
                       def->name);