diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index fb22b7cd8916daf63c64f0280df332a73964a524..d3175fa750cdf93f3ce396c4c8eea9df112ec971 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -162,7 +162,9 @@
 # driver at the same time, for this use a list of names separated by
 # comma and delimited by square brackets. For example:
 #
-# security_driver = [ "selinux", "dac" ]
+# security_driver = [ "selinux", "apparmor" ]
+#
+# Note: The DAC security driver is always enabled.
 #
 #security_driver = "selinux"
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5d9f8c993270d125956be3b2141e2c9ec10e8ec8..7c0a5c3a66c4cd9aa8ce90c359fdea64bad26710 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -251,14 +251,11 @@ qemuSecurityInit(struct qemud_driver *driver)
 char **names;
 virSecurityManagerPtr mgr = NULL;
 virSecurityManagerPtr stack = NULL;
- bool hasDAC = false;
- if (driver->securityDriverNames) {
+ if (driver->securityDriverNames &&
+ driver->securityDriverNames[0]) {
 names = driver->securityDriverNames;
 while (names && *names) {
- if (STREQ("dac", *names))
- hasDAC = true;
-
 if (!(mgr = virSecurityManagerNew(*names,
 QEMU_DRIVER_NAME,
 driver->allowDiskFormatProbing,
@@ -287,7 +284,7 @@ qemuSecurityInit(struct qemud_driver *driver)
 mgr = NULL;
 }
- if (!hasDAC && driver->privileged) {
+ if (driver->privileged) {
 if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
 driver->user,
 driver->group,
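Review bot: In the -251 hunk the name loop no longer special-cases "dac", while the -287 hunk now stacks a DAC manager for every privileged driver, so a qemu.conf that still lists "dac" (the example this commit removes) is passed to `virSecurityManagerNew(*names, ...)` like any other name. What that call does with "dac" is not visible here; it presumably either fails start-up or puts a second DAC manager in the stack. Keeping the `if (STREQ("dac", *names))` test and using it to skip the entry, or to report a configuration error that names the `security_driver` setting, would make the upgrade path explicit. The loop body continues outside the hunk.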
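Review bot: The DAC manager in the -287 hunk is created only under `if (driver->privileged)`, but the note added to qemu.conf says the DAC driver is always enabled. As far as these lines show, an unprivileged driver gets no DAC manager from this block, and an operator reading the config would not learn that. A comment above the condition such as `/* DAC is always stacked for a privileged driver; security_driver cannot turn it off */`, together with the qemu.conf wording `# Note: The DAC security driver is always enabled when the driver runs privileged.`, would keep code and documentation in agreement. The function continues past the end of the hunk.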