From nobody Sun Feb 8 18:32:57 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1609784465; cv=none; d=zohomail.com; s=zohoarc; b=WdesVQWbE7WzqoPksVZ/arfIfUDlzx7Fo7dwUE8mEZ4ILKVmG/d/fewW6jN3WGhvL8hNt8eL1JlBtpH1AGix46dS1gRL3mo9MIry7iXEbGdAJ9YLAotzgCLUULkd2CsMckqXPoqrvq1SOqHS2LDi+LWs0e/JXfWdfJQ+bR+6kik= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1609784465; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=kk97hQQCjumQs/GUt0F1VWEtZwdfnBz3HekWuixiOi0=; b=Pa1mcnF2f+445VkRRauzBXwq6/UAObXQ2TsdZYnwj4LRSUHvTiSwfA8CD4iT5Xv13bLg69Y8OY4q1849kZpOZlt5oiCtav2D7f283guRtqIuLr41gl4fAL3BckiLbEZq+yYJU0py/rNh/0b/Rilv0O9rO+y0OUHg6dcEwoEx+vA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1609784465230915.8740403438615; Mon, 4 Jan 2021 10:21:05 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-3-y5UvvHAVPeylMMQ4A2Whkg-1; Mon, 04 Jan 2021 13:21:01 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BBF5210054FF; Mon, 4 Jan 2021 18:20:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9B59B60BFA; Mon, 4 Jan 2021 18:20:55 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 64EC4180954D; Mon, 4 Jan 2021 18:20:55 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 104IKsMK018189 for ; Mon, 4 Jan 2021 13:20:54 -0500 Received: by smtp.corp.redhat.com (Postfix) id 97BE05D768; Mon, 4 Jan 2021 18:20:54 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.243]) by smtp.corp.redhat.com (Postfix) with ESMTP id 17AB75D764 for ; Mon, 4 Jan 2021 18:20:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609784464; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=kk97hQQCjumQs/GUt0F1VWEtZwdfnBz3HekWuixiOi0=; b=ZsWAEFDGHaksjJegbUM/wQlWuiwCTMWi/BnpV8lm/rZo0b8JLpOsn2wfCQlw/zi31tYndx v6c4qoW4oSazfWKeOuqwCn18tYfeYaiHfmQzDjy7xRc8UP/FA10ObqaCmxkB+qNGBgfn0W W/aYthRrd0cShUN247oT44TKWqWPBig= X-MC-Unique: y5UvvHAVPeylMMQ4A2Whkg-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 2/5] qemu: Obtain @caps only after ACL check in qemuNodeGetSecurityModel Date: Mon, 4 Jan 2021 19:20:42 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Even though we are getting driver capabilities with refresh=3Dfalse (so that it is not expensive), we still should do ACL check first because there is no point in bothering with the capabilities if caller doesn't have permissions to call the API. Also, this way the comment makes more sense. Signed-off-by: Michal Privoznik --- src/qemu/qemu_driver.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a9e8f660c7..96ec84bd1c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5934,14 +5934,12 @@ static int qemuNodeGetSecurityModel(virConnectPtr c= onn, =20 memset(secmodel, 0, sizeof(*secmodel)); =20 - if (!(caps =3D virQEMUDriverGetCapabilities(driver, false))) - return 0; - if (virNodeGetSecurityModelEnsureACL(conn) < 0) return 0; =20 /* We treat no driver as success, but simply return no data in *secmod= el */ - if (caps->host.nsecModels =3D=3D 0 || + if (!(caps =3D virQEMUDriverGetCapabilities(driver, false)) || + caps->host.nsecModels =3D=3D 0 || caps->host.secModels[0].model =3D=3D NULL) return 0; =20 --=20 2.26.2