diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 4b5132f8d0..f2a32bc1fa 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) { int ret = -1; - size_t i, j; + size_t i; virSecurityManagerPtr* sec_managers = NULL; virSecurityLabelDefPtr seclabel; bool generated = false; - if (mgr == NULL || mgr->drv == NULL) - return ret; - if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL) return ret; virObjectLock(mgr); - for (i = 0; i < vm->nseclabels; i++) { - if (!vm->seclabels[i]->model) - continue; - - for (j = 0; sec_managers[j]; j++) - if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name)) - break; - - if (!sec_managers[j]) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unable to find security driver for label %s"), - vm->seclabels[i]->model); - goto cleanup; - } - } for (i = 0; sec_managers[i]; i++) { generated = false; @@ -727,6 +709,21 @@ static int virSecurityManagerCheckModel(virSecurityManagerPtr mgr, } +static int +virSecurityManagerCheckDomainLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def) +{ + size_t i; + + for (i = 0; i < def->nseclabels; i++) { + if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < 0) + return -1; + } + + return 0; +} + + static int virSecurityManagerCheckDiskLabel(virSecurityManagerPtr mgr, virDomainDiskDefPtr disk) @@ -772,6 +769,9 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr, { size_t i; + if (virSecurityManagerCheckDomainLabel(mgr, vm) < 0) + return -1; + for (i = 0; i < vm->ndisks; i++) { if (virSecurityManagerCheckDiskLabel(mgr, vm->disks[i]) < 0) return -1;