From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 27 Feb 2013 23:32:35 +0000 (-0700)
Subject: Fix starting qemu instances when apparmor driver is enabled
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=438a3850db819fad8a30a06736533010677cd0e7;p=libvirt.git

Fix starting qemu instances when apparmor driver is enabled

With the apparmor security driver enabled, qemu instances fail
to start

# grep ^security_driver /etc/libvirt/qemu.conf
security_driver = "apparmor"
# virsh start test-kvm
error: Failed to start domain test-kvm
error: internal error security label already defined for VM

The model field of virSecurityLabelDef object is always populated
by virDomainDefGetSecurityLabelDef(), so remove the check for a
NULL model when verifying if a label is already defined for the
instance.

Checking for a NULL model and populating it later in
AppArmorGenSecurityLabel() has been left in the code to be
consistent with virSecuritySELinuxGenSecurityLabel().
---

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index ddc1fe4b4b..2e6a57f77f 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -436,8 +436,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         return rc;
     }
 
-    if ((secdef->label) ||
-        (secdef->model) || (secdef->imagelabel)) {
+    if (secdef->label || secdef->imagelabel) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "%s",
                        _("security label already defined for VM"));
@@ -461,8 +460,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         goto err;
     }
 
-    secdef->model = strdup(SECURITY_APPARMOR_NAME);
-    if (!secdef->model) {
+    if (!secdef->model && !(secdef->model = strdup(SECURITY_APPARMOR_NAME))) {
         virReportOOMError();
         goto err;
     }