Ensure QEMU DAC security driver is activated at all times

If the primary security driver (SELinux/AppArmour) was disabled then the secondary QEMU DAC security driver was also disabled. This is mistaken, because the latter must be active at all times * src/qemu/qemu_driver.c: Ensure DAC driver is always active

Ensure QEMU DAC security driver is activated at all times
If the primary security driver (SELinux/AppArmour) was disabled then the secondary QEMU DAC security driver was also disabled. This is mistaken, because the latter must be active at all times * src/qemu/qemu_driver.c: Ensure DAC driver is always active
9120f004 · Daniel P. Berrange · 7efec259 · 9120f004
隐藏空白更改
内联并排

Showing with 12 addition and 10 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +12 -10

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -906,26 +906,28 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
    int ret;
    virSecurityDriverPtr security_drv;

+    qemuSecurityStackedSetDriver(qemud_drv);
+    qemuSecurityDACSetDriver(qemud_drv);
+
    ret = virSecurityDriverStartup(&security_drv,
                                   qemud_drv->securityDriverName);
    if (ret == -1) {
        VIR_ERROR0(_("Failed to start security driver"));
        return -1;
    }
-    /* No security driver wanted to be enabled: just return */
+
+    /* No primary security driver wanted to be enabled: just setup
+     * the DAC driver on its own */
    if (ret == -2) {
+        qemud_drv->securityDriver = &qemuDACSecurityDriver;
        VIR_INFO0(_("No security driver available"));
-        return 0;
+    } else {
+        qemud_drv->securityPrimaryDriver = security_drv;
+        qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
+        qemud_drv->securityDriver = &qemuStackedSecurityDriver;
+        VIR_INFO("Initialized security driver %s", security_drv->name);
    }

-    qemuSecurityStackedSetDriver(qemud_drv);
-    qemuSecurityDACSetDriver(qemud_drv);
-
-    qemud_drv->securityPrimaryDriver = security_drv;
-    qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
-    qemud_drv->securityDriver = &qemuStackedSecurityDriver;
-
-    VIR_INFO("Initialized security driver %s", security_drv->name);
    return 0;
 }