[PATCH v3 1/3] conf: Always format seclabel's model


 



https://bugzilla.redhat.com/show_bug.cgi?id=1113860

We've always done that. Well, until 990e46c45. Point is, if we don't
format model, we may lose a domain on libvirtd restart. If the
seclabel is implicit, however, we should skip its formatting.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/conf/domain_conf.c                             | 34 +++++++++++++++-------
 .../qemuxml2argv-seclabel-dynamic-none.xml         | 28 ++++++++++++++++++
 tests/qemuxml2xmltest.c                            |  1 +
 3 files changed, 52 insertions(+), 11 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b91ccf7..7b90903 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4614,8 +4614,23 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
     /* For the model 'none' none of the following labels is going to be
      * present. Hence, return now. */
 
-    if (STREQ_NULLABLE(def->model, "none"))
+    if (STREQ_NULLABLE(def->model, "none")) {
+        if (flags & VIR_DOMAIN_XML_INACTIVE) {
+            /* Fix older configurations */
+            def->type = VIR_DOMAIN_SECLABEL_NONE;
+            def->relabel = false;
+        } else {
+            if (def->type != VIR_DOMAIN_SECLABEL_NONE) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("unsupported type='%s' to model 'none'"),
+                               virDomainSeclabelTypeToString(def->type));
+                goto error;
+            }
+            /* combination of relabel='yes' and type='static'
+             * is checked a few lines above. */
+        }
         return def;
+    }
 
     /* Only parse label, if using static labels, or
      * if the 'live' VM XML is requested
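Review bot: The `VIR_DOMAIN_XML_INACTIVE` branch overwrites `def->type` with `VIR_DOMAIN_SECLABEL_NONE` and clears `def->relabel` without leaving any trace, so a persistent config that requested another type together with model 'none' loads with its security label settings changed and the administrator is never told. Consider logging the rewrite when the type actually differs, e.g. `VIR_WARN("ignoring seclabel type '%s' for model 'none'", virDomainSeclabelTypeToString(def->type));` (assuming the logging macro is available in this file), and expanding `/* Fix older configurations */` to say which type/model combinations are being normalised and why they are accepted only for inactive XML. The function starts and ends outside this hunk, so whether other fields parsed earlier on `def` also need resetting here, and whether the `error` label frees `def`, cannot be confirmed from the visible lines.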
@@ -14690,8 +14705,7 @@ virDomainEventActionDefFormat(virBufferPtr buf,
 
 static void
 virSecurityLabelDefFormat(virBufferPtr buf,
-                          virSecurityLabelDefPtr def,
-                          unsigned flags)
+                          virSecurityLabelDefPtr def)
 {
     const char *sectype = virDomainSeclabelTypeToString(def->type);
 
@@ -14701,19 +14715,17 @@ virSecurityLabelDefFormat(virBufferPtr buf,
     if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
         return;
 
-    /* To avoid backward compatibility issues, suppress DAC labels that are
-     * automatically generated.
+    /* To avoid backward compatibility issues, suppress DAC and 'none' labels
+     * that are automatically generated.
      */
-    if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+    if ((STREQ_NULLABLE(def->model, "dac") ||
+         STREQ_NULLABLE(def->model, "none")) && def->implicit)
         return;
 
     virBufferAsprintf(buf, "<seclabel type='%s'",
                       sectype);
 
-    /* When generating state XML do include the model */
-    if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS ||
-        STRNEQ_NULLABLE(def->model, "none"))
-        virBufferEscapeString(buf, " model='%s'", def->model);
+    virBufferEscapeString(buf, " model='%s'", def->model);
 
     if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
         virBufferAddLit(buf, "/>\n");
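Review bot: With the `flags` parameter gone, the early return for implicit 'dac' and 'none' labels now applies to every output format, including the status XML that the removed `/* When generating state XML do include the model */` comment used to single out. The comment above the check should state that explicitly and say why it is safe, for example `/* Implicit DAC and 'none' labels are never formatted, not even in status XML; they are presumably regenerated when the domain is reloaded. */`, once that assumption has been verified against the restart path. The function body continues past the end of this hunk.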
@@ -17923,7 +17935,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
     virBufferAddLit(buf, "</devices>\n");
 
     for (n = 0; n < def->nseclabels; n++)
-        virSecurityLabelDefFormat(buf, def->seclabels[n], flags);
+        virSecurityLabelDefFormat(buf, def->seclabels[n]);
 
     if (def->namespaceData && def->ns.format) {
         if ((def->ns.format)(buf, def->namespaceData) < 0)
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
new file mode 100644
index 0000000..cec59f8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
@@ -0,0 +1,28 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='none' model='none'/>
+</domain>
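Review bot: The fixture is named seclabel-dynamic-none, but its only label is `<seclabel type='none' model='none'/>`, so as far as this patch shows nothing feeds the parser a type='dynamic' model='none' input, which is the case the new `VIR_DOMAIN_XML_INACTIVE` branch in virSecurityLabelDefParseXML rewrites. If `DO_TEST` supports a separate expected-output file, the input here should carry `<seclabel type='dynamic' model='none'/>` with the normalised form as the expected result; the macro is defined outside this page, so how it resolves files needs confirming. The new rejection path for active XML (`unsupported type='%s' to model 'none'`) has no fixture in this patch either.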
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 26e3cad..9f919de 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -307,6 +307,7 @@ mymain(void)
     DO_TEST_FULL("seclabel-static-labelskip", false, WHEN_ACTIVE);
     DO_TEST("seclabel-none");
     DO_TEST("seclabel-dac-none");
+    DO_TEST("seclabel-dynamic-none");
     DO_TEST("numad-static-vcpu-no-numatune");
     DO_TEST("disk-scsi-lun-passthrough-sgio");
 
-- 
1.8.5.5
