virSecurityManagerGenLabel: Skip seclabels without model

While generating seclabels, we check the seclabel stack if required
driver is in the stack. If not, an error is returned. However, it is
possible for a seclabel to not have any model set (happens with LXC
domains that have just <seclabel type='none'>). If that's the case,
we should just skip the iteration instead of calling STREQ(NULL, ...)
and SIGSEGV-ing subsequently.

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 6946637dd2a191363ef5af349d1f1782d0cd30e4..411a9097cd573372b754e4d8f8a3a91e5f305210 100644 (file)
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -436,6 +436,9 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 
     virObjectLock(mgr);
     for (i = 0; i < vm->nseclabels; i++) {
+        if (!vm->seclabels[i]->model)
+            continue;
+
         for (j = 0; sec_managers[j]; j++)
             if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
                 break;