File 281a7f1d-apparmor-avoid-copying-empty-profile-name.patch of Package libvirt.22292
commit 281a7f1d400aeb0d4d53dd3b628b7275f49854d0
Author: Jim Fehlig <jfehlig@suse.com>
Date: Mon Sep 9 09:50:39 2019 -0600
apparmor: avoid copying empty profile name
AppArmorGetSecurityProcessLabel copies the VM's profile name to the
label member of virSecurityLabel struct. If the profile is not loaded,
the name is set empty before calling virStrcpy to copy it. However,
virStrcpy will fail if src is empty (0 length), causing
AppArmorGetSecurityProcessLabel to needlessly fail. Simple operations
that report security driver information will subsequently fail
virsh dominfo test
Id: 248
Name: test
...
Security model: apparmor
Security DOI: 0
error: internal error: error copying profile name
Avoid copying an empty profile name when the profile is not loaded.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Index: libvirt-5.1.0/src/security/security_apparmor.c
===================================================================
--- libvirt-5.1.0.orig/src/security/security_apparmor.c
+++ libvirt-5.1.0/src/security/security_apparmor.c
@@ -525,14 +525,13 @@ AppArmorGetSecurityProcessLabel(virSecur
"%s", _("error getting profile status"));
goto cleanup;
} else if (status == -1) {
- profile_name[0] = '\0';
- }
-
- if (virStrcpy(sec->label, profile_name,
- VIR_SECURITY_LABEL_BUFLEN) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("error copying profile name"));
- goto cleanup;
+ sec->label[0] = '\0';
+ } else {
+ if (virStrcpy(sec->label, profile_name, VIR_SECURITY_LABEL_BUFLEN) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("error copying profile name"));
+ goto cleanup;
+ }
}
sec->enforcing = status == 1;
