External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Obtain @caps only after ACL check in qemuNodeGetSecurityModel

Browse Source 
Even though we are getting driver capabilities with
refresh=false (so that it is not expensive), we still should do
ACL check first because there is no point in bothering with the
capabilities if caller doesn't have permissions to call the API.
Also, this way the comment makes more sense.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Michal Privoznik 2019-08-21 11:47:56 +02:00
parent 4aff353dd5
commit b955fca629
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/qemu/qemu_driver.c
View File

@ -5934,14 +5934,12 @@ static int qemuNodeGetSecurityModel(virConnectPtr conn,
memset(secmodel, 0, sizeof(*secmodel));
if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
return 0;
if (virNodeGetSecurityModelEnsureACL(conn) < 0)
return 0;
/* We treat no driver as success, but simply return no data in *secmodel */
if (caps->host.nsecModels == 0 ||
if (!(caps = virQEMUDriverGetCapabilities(driver, false)) ||
caps->host.nsecModels == 0 ||
caps->host.secModels[0].model == NULL)
return 0;