mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 22:55:23 +00:00
Ensure QEMU DAC security driver is activated at all times
If the primary security driver (SELinux/AppArmour) was disabled then the secondary QEMU DAC security driver was also disabled. This is mistaken, because the latter must be active at all times * src/qemu/qemu_driver.c: Ensure DAC driver is always active
This commit is contained in:
parent
7efec25964
commit
9120f00446
@ -906,26 +906,28 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
|
||||
int ret;
|
||||
virSecurityDriverPtr security_drv;
|
||||
|
||||
qemuSecurityStackedSetDriver(qemud_drv);
|
||||
qemuSecurityDACSetDriver(qemud_drv);
|
||||
|
||||
ret = virSecurityDriverStartup(&security_drv,
|
||||
qemud_drv->securityDriverName);
|
||||
if (ret == -1) {
|
||||
VIR_ERROR0(_("Failed to start security driver"));
|
||||
return -1;
|
||||
}
|
||||
/* No security driver wanted to be enabled: just return */
|
||||
|
||||
/* No primary security driver wanted to be enabled: just setup
|
||||
* the DAC driver on its own */
|
||||
if (ret == -2) {
|
||||
qemud_drv->securityDriver = &qemuDACSecurityDriver;
|
||||
VIR_INFO0(_("No security driver available"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
qemuSecurityStackedSetDriver(qemud_drv);
|
||||
qemuSecurityDACSetDriver(qemud_drv);
|
||||
|
||||
} else {
|
||||
qemud_drv->securityPrimaryDriver = security_drv;
|
||||
qemud_drv->securitySecondaryDriver = &qemuDACSecurityDriver;
|
||||
qemud_drv->securityDriver = &qemuStackedSecurityDriver;
|
||||
|
||||
VIR_INFO("Initialized security driver %s", security_drv->name);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user