On 09/04/2014 03:24 AM, Michal Privoznik wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8 > > There are two ways in which security model can make it way into > <seclabel/>. One is as the @model attribute, the second one is > via security_driver knob in qemu.conf. Then, while parsing > <seclabel/> several checks and fix ups of old, stale combinations > are performed. However, iff @model is specified. They are not > done in the latter case. So it's still possible to feed libvirt > with senseless combinations (if qemu.conf is adjusted correctly). A design choice that keeps on giving... maybe someday we'll be bug-free on all possible label scenarios. > > One example of a seclabel that needs some adjustment (in case > security_driver=none in qemu.conf) is: > > <seclabel type='dynamic' relabel='yes'/> > > The fixup code is copied from virSecurityLabelDefParseXML > (covering the former case) into virSecurityLabelDefsParseXML > (which handles the latter case). > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/conf/domain_conf.c | 7 +++++++ > 1 file changed, 7 insertions(+) ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list