Fix leak of allocated security label

If a VM fails to start, we can't simply free the security label strings, we must call the domainReleaseSecurityLabel() method otherwise the reserved 'mcs' level will be leaked in SElinux * src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel() when domain fails to start

Fix leak of allocated security label
If a VM fails to start, we can't simply free the security label strings, we must call the domainReleaseSecurityLabel() method otherwise the reserved 'mcs' level will be leaked in SElinux * src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel() when domain fails to start
9c48360b · Daniel P. Berrange · 0c0e0d02 · 9c48360b
隐藏空白更改
内联并排

Showing with 3 addition and 5 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +3 -5

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2985,11 +2985,9 @@ cleanup:
    /* We jump here if we failed to start the VM for any reason
     * XXX investigate if we can kill this block and safely call
     * qemudShutdownVMDaemon even though no PID is running */
-    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
-        VIR_FREE(vm->def->seclabel.model);
-        VIR_FREE(vm->def->seclabel.label);
-        VIR_FREE(vm->def->seclabel.imagelabel);
-    }
+    if (driver->securityDriver &&
+        driver->securityDriver->domainReleaseSecurityLabel)
+        driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
    qemuRemoveCgroup(conn, driver, vm, 0);
    if ((vm->def->ngraphics == 1) &&
        vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&