From 3c2f5e3ede67e9349c68422ef2d867cb64ef4329 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Tue, 28 Aug 2012 18:29:38 +0200 Subject: [PATCH] security_dac: Don't return uninitialised value when parsing seclabels When starting a machine the DAC security driver tries to set the UID and GID of the newly spawned process. This worked as desired if the desired label was set. When the label was missing a logical bug in virSecurityDACGenLabel() caused that uninitialised values were used as uid and gid for the new process. With this patch, default values (from qemu driver configuration) are used if the label is not found. --- src/security/security_dac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4162e26b7e..2527759242 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -101,7 +101,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr) return -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (seclabel == NULL) { + if (seclabel == NULL || seclabel->label == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security label for DAC not found in domain %s"), def->name);