https://bugzilla.redhat.com/show_bug.cgi?id=1113860 We've always done that. Well, until 990e46c45. Point is, if we don't format model, we may lose a domain on libvirtd restart. If the seclabel is implicit however, we should skip it's formatting.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/conf/domain_conf.c | 34 +++++++++++++++-------
 .../qemuxml2argv-seclabel-dynamic-none.xml | 28 ++++++++++++++++++
 tests/qemuxml2xmltest.c | 1 +
 3 files changed, 52 insertions(+), 11 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b91ccf7..7b90903 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4614,8 +4614,23 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
 /* For the model 'none' none of the following labels is going to be
 * present. Hence, return now. */
- if (STREQ_NULLABLE(def->model, "none"))
+ if (STREQ_NULLABLE(def->model, "none")) {
+ if (flags & VIR_DOMAIN_XML_INACTIVE) {
+ /* Fix older configurations */
+ def->type = VIR_DOMAIN_SECLABEL_NONE;
+ def->relabel = false;
+ } else {
+ if (def->type != VIR_DOMAIN_SECLABEL_NONE) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unsupported type='%s' to model 'none'"),
+ virDomainSeclabelTypeToString(def->type));
+ goto error;
+ }
+ /* combination of relabel='yes' and type='static'
+ * is checked a few lines above. */
+ }
 return def;
+ }
 /* Only parse label, if using static labels, or
 * if the 'live' VM XML is requested
@@ -14690,8 +14705,7 @@ virDomainEventActionDefFormat(virBufferPtr buf,
 static void
 virSecurityLabelDefFormat(virBufferPtr buf,
- virSecurityLabelDefPtr def,
- unsigned flags)
+ virSecurityLabelDefPtr def)
 {
 const char *sectype = virDomainSeclabelTypeToString(def->type);
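Review bot: In the `VIR_DOMAIN_XML_INACTIVE` branch of the `virSecurityLabelDefParseXML` hunk, `def->type` and `def->relabel` are overwritten whatever the input was, so a persistent config that pairs `model='none'` with `type='static'` or `type='dynamic'` is accepted and quietly turned into an unlabelled one, while the same XML is rejected on the live path. The comment `/* Fix older configurations */` does not say which configurations are meant or why rejecting them is not an option; something like `/* configs written before this fix may carry a stale type with model 'none'; normalise rather than fail so the domain still loads */` would record that (wording inferred from the commit message, to be confirmed). If the file has a logging macro in scope, a warning on the rewrite would also let an administrator see that the requested label type was dropped. The function starts before the hunk and the `error` label it jumps to is outside it, so cleanup on that path cannot be checked here.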
@@ -14701,19 +14715,17 @@ virSecurityLabelDefFormat(virBufferPtr buf,
 if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
 return;
- /* To avoid backward compatibility issues, suppress DAC labels that are
- * automatically generated.
+ /* To avoid backward compatibility issues, suppress DAC and 'none' labels
+ * that are automatically generated.
 */
- if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+ if ((STREQ_NULLABLE(def->model, "dac") ||
+ STREQ_NULLABLE(def->model, "none")) && def->implicit)
 return;
 virBufferAsprintf(buf, "<seclabel type='%s'", sectype);
- /* When generating state XML do include the model */
- if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS ||
- STRNEQ_NULLABLE(def->model, "none"))
- virBufferEscapeString(buf, " model='%s'", def->model);
+ virBufferEscapeString(buf, " model='%s'", def->model);
 if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
 virBufferAddLit(buf, "/>\n");
@@ -17923,7 +17935,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
 virBufferAddLit(buf, "</devices>\n");
 for (n = 0; n < def->nseclabels; n++)
- virSecurityLabelDefFormat(buf, def->seclabels[n], flags);
+ virSecurityLabelDefFormat(buf, def->seclabels[n]);
 if (def->namespaceData && def->ns.format) {
 if ((def->ns.format)(buf, def->namespaceData) < 0)
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
new file mode 100644
index 0000000..cec59f8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
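Review bot: The implicit-label early return in `virSecurityLabelDefFormat` now also drops `model='none'` labels, and because the `flags` parameter was removed in the previous hunk the skip applies to status XML as well as to user-facing XML. The commit message is about not losing a domain on libvirtd restart, so it is worth confirming that whatever sets `def->implicit` for a 'none' label (not visible here) runs again when state XML is reloaded; otherwise the running domain would come back with no seclabel entry for that model. Once verified, the comment could state this directly, e.g. `/* ... that are automatically generated; they are re-created on load, so this also holds for status XML */`. The function body continues past the end of the hunk.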
@@ -0,0 +1,28 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <memballoon model='virtio'/>
+ </devices>
+ <seclabel type='none' model='none'/>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 26e3cad..9f919de 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -307,6 +307,7 @@ mymain(void)
 DO_TEST_FULL("seclabel-static-labelskip", false, WHEN_ACTIVE);
 DO_TEST("seclabel-none");
 DO_TEST("seclabel-dac-none");
+ DO_TEST("seclabel-dynamic-none");
 DO_TEST("numad-static-vcpu-no-numatune");
 DO_TEST("disk-scsi-lun-passthrough-sgio");
--
1.8.5.5
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
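Review bot: The fixture is named `seclabel-dynamic-none` but its only label is `<seclabel type='none' model='none'/>`, so the round trip added by `DO_TEST("seclabel-dynamic-none")` checks that the model is formatted and exercises neither new parser branch: the rewrite of a stale type under `VIR_DOMAIN_XML_INACTIVE` and the `VIR_ERR_CONFIG_UNSUPPORTED` rejection. A second input carrying `<seclabel type='dynamic' model='none'/>` with an expected output of `type='none'` would cover the first; it would probably need to be limited to the inactive pass, in the way the `DO_TEST_FULL(..., WHEN_ACTIVE)` line above limits its case to the active one. The rejection path needs a negative test in whichever harness the project uses for parse failures.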