qemu: Clean up security driver initialisation and config file

Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
code (hasDAC can't be efectively set to true, because
virSecurityManagerNew fails to load the "dac" driver).

This patch also enhances the condition for adding the default
auto-detected security manager if the manager array is allocated but
empty.

Also the configuration file for qemu driver still contains reference to
the DAC driver that can't be enabled manualy.

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index fb22b7cd8916daf63c64f0280df332a73964a524..d3175fa750cdf93f3ce396c4c8eea9df112ec971 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -162,7 +162,9 @@
 # driver at the same time, for this use a list of names separated by
 # comma and delimited by square brackets. For example:
 #
-#       security_driver = [ "selinux", "dac" ]
+#       security_driver = [ "selinux", "apparmor" ]
+#
+# Note: The DAC security driver is always enabled.
 #
 #security_driver = "selinux"
 

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5d9f8c993270d125956be3b2141e2c9ec10e8ec8..7c0a5c3a66c4cd9aa8ce90c359fdea64bad26710 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -251,14 +251,11 @@ qemuSecurityInit(struct qemud_driver *driver)
     char **names;
     virSecurityManagerPtr mgr = NULL;
     virSecurityManagerPtr stack = NULL;
-    bool hasDAC = false;
 
-    if (driver->securityDriverNames) {
+    if (driver->securityDriverNames &&
+        driver->securityDriverNames[0]) {
         names = driver->securityDriverNames;
         while (names && *names) {
-            if (STREQ("dac", *names))
-                hasDAC = true;
-
             if (!(mgr = virSecurityManagerNew(*names,
                                               QEMU_DRIVER_NAME,
                                               driver->allowDiskFormatProbing,
@@ -287,7 +284,7 @@ qemuSecurityInit(struct qemud_driver *driver)
         mgr = NULL;
     }
 
-    if (!hasDAC && driver->privileged) {
+    if (driver->privileged) {
         if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
                                              driver->user,
                                              driver->group,