From nobody Sat May 18 14:10:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) client-ip=63.128.21.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=quarantine dis=quarantine) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1606964284; cv=none; d=zohomail.com; s=zohoarc; b=g7kWQnJ+w/pn72uJREbN2XuLF7oVQEr8ZbL3nHmvSezrG+FEYB50QnL4KkloJ/pzLcrUWonIqjsdE3Q6kM28c3bOXGv+YMaXd1Q8rxFcE/b5VedzA+OytPnvxHP1Ja9t+5HKZBD8b1jNAlC7xHZFr+D2B7/EndB3CYCHLLQiHw8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606964284; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=jVobCRHG09kFqbl+E10aa1xnRLolDWTg92lgjutHSZY=; b=IQjubOjrZYaKEd8QZ5lU8gp43zS6eFfkS56BzQzlouved0MbaVpVXC7O675A5FUHOONUkdKrdnU/r8Q94CWGWnKGMR5LPwIhaghUpuuOoSv6Dd9d0m0k7pXZMB7TNI6oerotU4FC8HkMwzEJq8r4lnFuViUow36NJEi09QyKHYY= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=quarantine dis=quarantine) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com with SMTPS id 1606964284506146.83285624181144; Wed, 2 Dec 2020 18:58:04 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-148-btxZARTrN4qTafhph6HxFw-1; Wed, 02 Dec 2020 21:57:57 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 601461005E5F; Thu, 3 Dec 2020 02:57:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 351C25D9CA; Thu, 3 Dec 2020 02:57:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6EBB14BB7B; Thu, 3 Dec 2020 02:57:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0B32vnDw008166 for ; Wed, 2 Dec 2020 21:57:49 -0500 Received: by smtp.corp.redhat.com (Postfix) id 5EE11D7B27; Thu, 3 Dec 2020 02:57:49 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 58456AFD51 for ; Thu, 3 Dec 2020 02:57:46 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DADF4858EEC for ; Thu, 3 Dec 2020 02:57:46 +0000 (UTC) Received: from de-smtp-delivery-102.mimecast.com (de-smtp-delivery-102.mimecast.com [62.140.7.102]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-452-shnFRQiXNbiARiNXvqqCkg-1; Wed, 02 Dec 2020 21:57:44 -0500 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05lp2105.outbound.protection.outlook.com [104.47.18.105]) (Using TLS) by relay.mimecast.com with ESMTP id de-mta-14-MiIkfFOSPB6O-yREiEonEQ-2; Thu, 03 Dec 2020 03:57:41 +0100 Received: from AM8PR04MB7761.eurprd04.prod.outlook.com (2603:10a6:20b:248::15) by AM0PR04MB6642.eurprd04.prod.outlook.com (2603:10a6:208:16e::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.18; Thu, 3 Dec 2020 02:57:40 +0000 Received: from AM8PR04MB7761.eurprd04.prod.outlook.com ([fe80::28ad:2119:382e:6dae]) by AM8PR04MB7761.eurprd04.prod.outlook.com ([fe80::28ad:2119:382e:6dae%7]) with mapi id 15.20.3632.017; Thu, 3 Dec 2020 02:57:40 +0000 Received: from linux-tbji.devlab.prv.suse.com (75.169.0.32) by AM8P190CA0030.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17 via Frontend Transport; Thu, 3 Dec 2020 02:57:38 +0000 X-MC-Unique: btxZARTrN4qTafhph6HxFw-1 X-MC-Unique: shnFRQiXNbiARiNXvqqCkg-1 X-MC-Unique: MiIkfFOSPB6O-yREiEonEQ-2 From: Jim Fehlig To: libvir-list@redhat.com Subject: [PATCH 1/2] apparmor: Allow lxc processes to receive signals from libvirt Date: Wed, 2 Dec 2020 19:57:14 -0700 Message-ID: <20201203025715.31994-2-jfehlig@suse.com> In-Reply-To: <20201203025715.31994-1-jfehlig@suse.com> References: <20201203025715.31994-1-jfehlig@suse.com> X-Originating-IP: [75.169.0.32] X-ClientProxiedBy: AM8P190CA0030.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::35) To AM8PR04MB7761.eurprd04.prod.outlook.com (2603:10a6:20b:248::15) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3a5fc9ea-9250-453d-460e-08d897373255 X-MS-TrafficTypeDiagnostic: AM0PR04MB6642: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:404 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0 X-Microsoft-Antispam-Message-Info: diewtrx4GoM9aMODTdoTRAvpRI8s/rv93fGYhd3jg0yG8IDCKcShMWnOlA9CyTHQ7e+E6KeBKF07ddPcMaV9nZsWDboNtDdPp5NP2i/Hc28qYvxxdcDayyBvBZ7qNYUzDNYnXVvcWuctRc0VqozMiAeThJR3nRy0gk0fJW/BfRKLCNBgihtf/lYZhThX00idmRNtjaEK9Fvp3I9dftAn08MkuXQvyfvclOY2/CG6ncagXmrFhSl+ILXqProC3i9tOBHrvLLP4XP2+diAqjILz0boZwBRFX8KYE3KEw/3IJ3h7X/Fzs6/78pnC2iPLJzxLItib9ni1KZuerFH7gZ4Jw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8PR04MB7761.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(136003)(376002)(396003)(346002)(39860400002)(66476007)(66556008)(66946007)(478600001)(956004)(2616005)(7696005)(52116002)(316002)(1076003)(26005)(186003)(6666004)(5660300002)(16526019)(6916009)(83380400001)(2906002)(6486002)(86362001)(107886003)(36756003)(4326008)(8676002)(8936002); DIR:OUT; SFP:1101 X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?qK+natys8Ar7BtfTxcByGFa4TsBVqkqLBy2fCj+2et8rnEvC8t42eeWkaflj?= =?us-ascii?Q?JtHq2jDJHaVHzQsm7NyLrF6bcdcN710jP4UbPTh3HPPiR0HXnoCSdVMkq+GO?= =?us-ascii?Q?KdwFyHImKunKjpwqurCEdvhUyjC82GKy0PrcqLGwv1b8+0K5IwXlQQUWrXca?= =?us-ascii?Q?wX0CNQs9eN6evs0pKfyBb9GdudzN0FbRNQHgp4GTuZ7JzPJ6dRqqhHn4rtsU?= =?us-ascii?Q?6VVoHXDtU0ge8G8PBNi+M9t+rDXeyBx4tFp4zB6EyqUvnUz5/PHv4mXHVy/p?= =?us-ascii?Q?i5yVOKINuyQFX92xgu7u19OpajEOSn3GTpHpbq6J0LEH58rCbalQafvY1MoM?= =?us-ascii?Q?1E7Y5PP/Uqwe08+NbH08PsJ4wM0Pw3GwA/IuoRobvpyf21nFeTVtGOB9UD16?= =?us-ascii?Q?t9xpHrDati4ISDdDvBW/wjB2jlczbHdrMjFkQCTu0hGEvkHAhcu5fTpk2ABp?= =?us-ascii?Q?ErNWXrAb4yVOLZHjYOjcg4Z6DwMYk83XQ0AByT9CFFa8CqPkkGlVQ5jHh3cR?= =?us-ascii?Q?OGgE2WvL4i9V0df/Ju+zRYnCk9QFXgyBvlTDn9xxs3Q5vQ2jaEAj5+9OoTmx?= =?us-ascii?Q?mqyApzFrv9wHsanV1xYs62BPBFxSI7rrGxEP63vLO91v5M84+6I+lxqwDCjc?= =?us-ascii?Q?9ydYexQFFIpyMX6P9EGD30itv4Fu++qqtm7uET1+UgRdPFezgk0Jrr6+B8Ed?= =?us-ascii?Q?g68QUwIkffu2V15ISmINYV6kFJoQEn94SVrDm3ZINVOMkYC0IuyZm9vS1rK6?= =?us-ascii?Q?MWpEWG5RgMDFWphZWqGZVATn7tmBAYfaLGcGaXIuYnqCib//lxG/lqdOeTDu?= =?us-ascii?Q?lTbu6NmhY125dpLsPNIDTDGfQiY9+8yv0Fv6JpI+r1GNcsmeZy7fRKqQFce7?= =?us-ascii?Q?hx53y9PHnM7X++RYzRfwycNIABJcOTtK5PmsNd7h6xyr9cHeBy0594uW2/5Q?= =?us-ascii?Q?HbvhAzSLYvN+ExoJcNHLGD4bx0jgcL3lDA08wRI1KJ0=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3a5fc9ea-9250-453d-460e-08d897373255 X-MS-Exchange-CrossTenant-AuthSource: AM8PR04MB7761.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Dec 2020 02:57:39.9287 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lhR8qcyyfq/SOltWVAoQazQlAblcanjQPFoxTkAV56Qe35eJSTu5jEcV1aqjaBfvxMcZTx28j3kTB0fKBZGILw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6642 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 0B32vnDw008166 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" LXC processes confined by apparmor are not permitted to receive signals from libvirtd. Attempting to destroy such a process fails virsh --connect lxc:/// destroy distro_apparmor error: Failed to destroy domain distro_apparmor error: Failed to kill process 29491: Permission denied And from /var/log/audit/audit.log type=3DAVC msg=3Daudit(1606949706.142:6345): apparmor=3D"DENIED" operation=3D"signal" profile=3D"libvirt-314b7109-fdce-48dc-ad28-7c47958a27c= 1" pid=3D29390 comm=3D"libvirtd" requested_mask=3D"receive" denied_mask=3D"rec= eive" signal=3Dterm peer=3D"libvirtd" Similar to the libvirt-qemu abstraction, add a rule to the libvirt-lxc abstraction allowing reception of signals from libvirtd. Signed-off-by: Jim Fehlig Reviewed-by: Christian Ehrhardt --- src/security/apparmor/libvirt-lxc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/security/apparmor/libvirt-lxc b/src/security/apparmor/libv= irt-lxc index e556f2a7bd..0c8b812743 100644 --- a/src/security/apparmor/libvirt-lxc +++ b/src/security/apparmor/libvirt-lxc @@ -1,5 +1,9 @@ #include =20 + # Allow receiving signals from libvirtd + signal (receive) peer=3Dlibvirtd, + signal (receive) peer=3D/usr/sbin/libvirtd, + umount, =20 # ignore DENIED message on / remount --=20 2.29.2 From nobody Sat May 18 14:10:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) client-ip=63.128.21.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=quarantine dis=quarantine) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1606964280; cv=none; d=zohomail.com; s=zohoarc; b=d/v3UpSnBwCNSjk3FcIYHnjBJ1TDb7UrtIFSQNeo77bHQ2rPup7NsRGa6m3w8CgQB6VOkKCJs+j0/oWU0aAfWkj0VlPuCzDwkigNiUrZtrXpTC/BWGGVCorEiY1arQX+RKnWbLILMIBuAWCMglqARImvnx14M6q/zmRfRgrDwp4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606964280; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=9IJkBL1+VE6VN2bZUOTn1iEzqbBUPELtiWotEbWZ6dk=; b=LHpzCWOfj1DJWPFoW9epZey+OXfACZbkfEwHvkhTsSobPsHdkmcQEk9+h3P10765hN55F1YzdG/JXLU/F6YIP4jvls1++/uFF1MdF+QZfc91hOUzsP3FVQiv3pIYmMmgbBVSuVyDNh+0uq6wisEg2tRO9qOG3e2E50lGbjjC/jc= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=quarantine dis=quarantine) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com with SMTPS id 1606964280439821.8934356486997; Wed, 2 Dec 2020 18:58:00 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-148-4SNmcC2ANUyZr77qCkrd3w-1; Wed, 02 Dec 2020 21:57:57 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 40ADC817B9D; Thu, 3 Dec 2020 02:57:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 125655D6AC; Thu, 3 Dec 2020 02:57:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id E6C6718095FF; Thu, 3 Dec 2020 02:57:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0B32vnkw008165 for ; Wed, 2 Dec 2020 21:57:49 -0500 Received: by smtp.corp.redhat.com (Postfix) id 5E02BD7B22; Thu, 3 Dec 2020 02:57:49 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 55296D7B26 for ; Thu, 3 Dec 2020 02:57:47 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 17AE68007D9 for ; Thu, 3 Dec 2020 02:57:47 +0000 (UTC) Received: from de-smtp-delivery-102.mimecast.com (de-smtp-delivery-102.mimecast.com [62.140.7.102]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-544-8f1_dU6FNuGRpWwgF79WFg-1; Wed, 02 Dec 2020 21:57:45 -0500 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05lp2105.outbound.protection.outlook.com [104.47.18.105]) (Using TLS) by relay.mimecast.com with ESMTP id de-mta-14-TsjPkuILOHGw_kp3By4W6g-3; Thu, 03 Dec 2020 03:57:42 +0100 Received: from AM8PR04MB7761.eurprd04.prod.outlook.com (2603:10a6:20b:248::15) by AM0PR04MB6642.eurprd04.prod.outlook.com (2603:10a6:208:16e::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.18; Thu, 3 Dec 2020 02:57:41 +0000 Received: from AM8PR04MB7761.eurprd04.prod.outlook.com ([fe80::28ad:2119:382e:6dae]) by AM8PR04MB7761.eurprd04.prod.outlook.com ([fe80::28ad:2119:382e:6dae%7]) with mapi id 15.20.3632.017; Thu, 3 Dec 2020 02:57:41 +0000 Received: from linux-tbji.devlab.prv.suse.com (75.169.0.32) by AM8P190CA0030.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17 via Frontend Transport; Thu, 3 Dec 2020 02:57:40 +0000 X-MC-Unique: 4SNmcC2ANUyZr77qCkrd3w-1 X-MC-Unique: 8f1_dU6FNuGRpWwgF79WFg-1 X-MC-Unique: TsjPkuILOHGw_kp3By4W6g-3 From: Jim Fehlig To: libvir-list@redhat.com Subject: [PATCH 2/2] security: Avoid calling virSecurityManagerCheckModel with NULL model Date: Wed, 2 Dec 2020 19:57:15 -0700 Message-ID: <20201203025715.31994-3-jfehlig@suse.com> In-Reply-To: <20201203025715.31994-1-jfehlig@suse.com> References: <20201203025715.31994-1-jfehlig@suse.com> X-Originating-IP: [75.169.0.32] X-ClientProxiedBy: AM8P190CA0030.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::35) To AM8PR04MB7761.eurprd04.prod.outlook.com (2603:10a6:20b:248::15) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7e3f8c73-7899-425c-be13-08d897373310 X-MS-TrafficTypeDiagnostic: AM0PR04MB6642: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0 X-Microsoft-Antispam-Message-Info: 87N/lcKUTaGMWHPzDxOlsS2r4qCwtztgsmIc8fU23Zou9KXZVmfkdCRZ+WOqGAZ2rJtPKDda7OJggy926CkR8l5XLFwhDyGYJSmnby9JwzLRwJN90At5TH9LOulF+SmNphZg32oT4arPTL6VhbIOC3mDVe74frViyk3uTqy3CYtNwaNl0lz2K+tbdQpWdIQRI4YDpSqCMWOYh9TAZjbJdlTrp+AFFw69EWfIhwAgA0AEnSd6bq3ovL8VWXC3VcHGS+RRf7ni458OcFCEfzry8gEoJsbxlNTnJeXVr55EbMQ7mmHXWI0jHNERF8IYhk5behr7JsrWf20Mbu1xkhCvtj7uibapwIsr2DLyP/8SY3kBHsTg+dSonPTYJX4KuLSN X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8PR04MB7761.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(136003)(376002)(396003)(346002)(39860400002)(66476007)(66556008)(66946007)(478600001)(956004)(2616005)(7696005)(52116002)(316002)(1076003)(26005)(186003)(6666004)(5660300002)(16526019)(15650500001)(6916009)(83380400001)(2906002)(6486002)(86362001)(107886003)(36756003)(4326008)(8676002)(8936002)(145543001); DIR:OUT; SFP:1101 X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?9+9AeY5cnIkXTFfZFbmMpoklIYuB6aGrAwCZt8Q4eKsyHA2UPWPwT55YN9mY?= =?us-ascii?Q?yxM2U4NztA9BNNtcZ2rPZNXh7GyaVy9BjgvIvJKuNe8tpQ3oOihaUcVMsl1u?= =?us-ascii?Q?PF8fuSWCkfFTULfa9W/Oedy4YcLUZAFgoJp3EQr6sjGDXata/1Mo26Pjn+SD?= =?us-ascii?Q?eRBN9RXeaUvvKnSRBiavP5z2kCd4tuOyQSDSuEDlFfYu4oLFOdUc/cd4JMR6?= =?us-ascii?Q?ohUcpAEHeb0ubmR2p157zPeXc5TYaw0w1mN1Wyot1UaFePsPt8XguCxmsE8a?= =?us-ascii?Q?OwBgOCur564xqe94QT5lsleBf5g28D7XNcfJs949Otc/7P7FYLt0rsl0bcYN?= =?us-ascii?Q?BMyQD64/7TNHsGv15VUY1yEWNFBaeq1uiIyYZQKhus8TVC5rHhjfVfHkcyYk?= =?us-ascii?Q?/vwhWeX7ne2iy3/WXPIlBbLE5Noxp0J+lZ5Ic8Mml9ia+/SJDfZ5i2qQb21y?= =?us-ascii?Q?06A/iJFxttPfsBRWctTM6107jCbt9V1jxosvYD4GT5h/1Br+xacXRErovkih?= =?us-ascii?Q?IetgrH2fG0BFIYdFML9Dp8Hp+tO2Z4SedUSynTSoBvKOc7vODbWPA9jtV3k7?= =?us-ascii?Q?qCYzY9CYpFOpFoE/j+VI0HyfaN5FXSqB2pWYBkR1mtI7/oyF3YhkdEpNBXQZ?= =?us-ascii?Q?4UFm2V7IFGx3MBRC8qs6TXGRNpjV6V0w3+8yUaOjOpJPqXj23D7EvOI0Et4d?= =?us-ascii?Q?rdAV+nY+HGcWiMmIomCZzkXA47JxkQZR7eM/fThEmpBp/DKl1eMV7KJBYDM1?= =?us-ascii?Q?ePghrdVHtfx4/JraJs3fUxJgfVHiCSl0vejihT2Hcw+fCjge4YoXQpf8Hihp?= =?us-ascii?Q?MIQZiQ4NbXW+opZnRkb2+ctEXrZoJUCZUzqQyqjusv+o9quL+1EK1IV7N2OL?= =?us-ascii?Q?3EirKAf3E/AZocOixEpzy5jMlQujwMcMYUyf9TewMt5d1MVwR829tU542KLo?= =?us-ascii?Q?bGYGD7sBSQV/TzHmS7YXNzur2Al/oxFnc+765WuAdbU=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7e3f8c73-7899-425c-be13-08d897373310 X-MS-Exchange-CrossTenant-AuthSource: AM8PR04MB7761.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Dec 2020 02:57:41.1583 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3KEpD2dV+DYGidSMtc7xXQQZFCKqsWiCqBQEPup4LqbQZr/HW8DmcXBMpHmmiI0rBPcyyfPTD4UAvsNvyHgduw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6642 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 0B32vnkw008165 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Attempting to create a domain with results in virsh --connect lxc:/// create distro_nosec.xml error: Failed to create domain from distro_nosec.xml error: unsupported configuration: Security driver model '(null)' is not ava= ilable With , the model field of virSecurityLabelDef will be NULL, causing virSecurityManagerCheckModel() to fail with the above error. Avoid calling virSecurityManagerCheckModel() when they seclabel type is VIR_DOMAIN_SECLABEL_NONE. Signed-off-by: Jim Fehlig --- This could also be fixed by checking for a NULL secmodel in virSecurityManagerCheckModel, but it seems more appropriate to check for a valid seclabel type before checking the model. src/security/security_manager.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index be81ee5e44..789e24d273 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -781,6 +781,9 @@ virSecurityManagerCheckDomainLabel(virSecurityManagerPt= r mgr, size_t i; =20 for (i =3D 0; i < def->nseclabels; i++) { + if (def->seclabels[i]->type =3D=3D VIR_DOMAIN_SECLABEL_NONE) + continue; + if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < = 0) return -1; } --=20 2.29.2