apparmor: avoid copying empty profile name

AppArmorGetSecurityProcessLabel copies the VM's profile name to the
label member of virSecurityLabel struct. If the profile is not loaded,
the name is set empty before calling virStrcpy to copy it. However,
virStrcpy will fail if src is empty (0 length), causing
AppArmorGetSecurityProcessLabel to needlessly fail. Simple operations
that report security driver information will subsequently fail

virsh dominfo test
Id:             248
Name:           test
...
Security model: apparmor
Security DOI:   0
error: internal error: error copying profile name

Avoid copying an empty profile name when the profile is not loaded.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 6d16b15c6580abfa866ca0b5f352525caa2bbfd4..77eee9410c4bf2162a6c5db65fee404cf7ea819b 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -525,14 +525,13 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                        "%s", _("error getting profile status"));
         goto cleanup;
     } else if (status == -1) {
-        profile_name[0] = '\0';
-    }
-
-    if (virStrcpy(sec->label, profile_name,
-        VIR_SECURITY_LABEL_BUFLEN) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       "%s", _("error copying profile name"));
-        goto cleanup;
+        sec->label[0] = '\0';
+    } else {
+        if (virStrcpy(sec->label, profile_name, VIR_SECURITY_LABEL_BUFLEN) < 0) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("error copying profile name"));
+            goto cleanup;
+        }
     }
 
     sec->enforcing = status == 1;