NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

conf: Don't always require security/@model

Browse Source 
Only parse model, if static labelling, or
a base label is set, or doing active XML.
This commit is contained in:
Michal Privoznik 2012-08-24 14:59:59 +02:00
parent 9f9b7b85c9
commit 0ee655f5f5
1 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/conf/domain_conf.c
View File

@ -3121,14 +3121,22 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
def->baselabel = p; def->baselabel = p;
} }
/* Always parse model */ /* Only parse model, if static labelling, or a base
p = virXPathStringLimit("string(./@model)", * label is set, or doing active XML
VIR_SECURITY_MODEL_BUFLEN-1, ctxt); */
if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) { if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
virReportError(VIR_ERR_XML_ERROR, def->baselabel ||
"%s", _("missing security model")); (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) {
p = virXPathStringLimit("string(./@model)",
VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("missing security model"));
}
def->model = p;
} }
def->model = p;
return def; return def;
@ -3225,12 +3233,8 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {
/* get model associated to this override */ /* get model associated to this override */
model = virXMLPropString(list[i], "model"); model = virXMLPropString(list[i], "model");
if (model == NULL) { if (model) {
virReportError(VIR_ERR_XML_ERROR, "%s", /* find the security label that it's being overridden */
_("invalid security model"));
goto error;
} else {
/* find the security label that it's being overriden */
for (j = 0; j < nvmSeclabels; j++) { for (j = 0; j < nvmSeclabels; j++) {
if (STREQ(vmSeclabels[j]->model, model)) { if (STREQ(vmSeclabels[j]->model, model)) {
vmDef = vmSeclabels[j]; vmDef = vmSeclabels[j];
@ -3275,7 +3279,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
virReportError(VIR_ERR_XML_ERROR, virReportError(VIR_ERR_XML_ERROR,
_("Cannot specify a label if relabelling is " _("Cannot specify a label if relabelling is "
"turned off. model=%s"), "turned off. model=%s"),
def->seclabels[i]->model); NULLSTR(def->seclabels[i]->model));
goto error; goto error;
} }
} }
@ -11271,8 +11275,13 @@ static void
virSecurityDeviceLabelDefFormat(virBufferPtr buf, virSecurityDeviceLabelDefFormat(virBufferPtr buf,
virSecurityDeviceLabelDefPtr def) virSecurityDeviceLabelDefPtr def)
{ {
virBufferAsprintf(buf, "<seclabel model='%s' relabel='%s'", virBufferAsprintf(buf, "<seclabel");
def->model, def->norelabel ? "no" : "yes");
if (def->model)
virBufferAsprintf(buf, " model='%s'", def->model);
virBufferAsprintf(buf, " relabel='%s'", def->norelabel ? "no" : "yes");
if (def->label) { if (def->label) {
virBufferAddLit(buf, ">\n"); virBufferAddLit(buf, ">\n");
virBufferEscapeString(buf, " <label>%s</label>\n", virBufferEscapeString(buf, " <label>%s</label>\n",