xenbits.xensource.com Git - libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Thu, 30 Aug 2012 00:37:01 +0000 (01:37 +0100)
committer	Daniel Veillard <veillard@redhat.com>
	Thu, 30 Aug 2012 03:36:28 +0000 (11:36 +0800)
commit	d0c0e79ac646462aaa815f81ad324a0d3ef12954
tree	1ce04aa6b0b91ec6e73aaf70674cabc50ea22773	tree
parent	eb8e9b6027512edf2c93343f430e7e6429af0ff5	commit \| diff

Fix configuration of QEMU security drivers

If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.

This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.

The desired semantics are:

- security_driver not set
     -> probe for selinux/apparmour/nop
     -> auto-add DAC driver
- security_driver set to a string
     -> add that one driver
     -> auto-add DAC driver
- security_driver set to a list
     -> add all drivers in list
     -> auto-add DAC driver

It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

src/qemu/qemu_driver.c		diff \| blob \| blame \| history
src/security/security_manager.c		diff \| blob \| blame \| history
src/security/security_stack.c		diff \| blob \| blame \| history
src/security/security_stack.h		diff \| blob \| blame \| history