In our RNG schema we do allow multiple (different) seclabels per-domain,
but don't allow this for devices, yet we neither have a check in our XML parser,
nor in a post-parse callback. In that case we should allow multiple
(different) seclabels for devices as well.
---
docs/schemas/domaincommon.rng | 16 +++++------
.../qemuxml2argv-seclabel-device-multiple.xml | 32 ++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
3 files changed, 41 insertions(+), 8 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index d467dce..b1f4eaa 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1344,9 +1344,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name='devSeclabel'/>
- </optional>
+ </zeroOrMore>
</element>
</optional>
</interleave>
@@ -1367,9 +1367,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name='devSeclabel'/>
- </optional>
+ </zeroOrMore>
</element>
</optional>
</interleave>
@@ -1497,9 +1497,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name='devSeclabel'/>
- </optional>
+ </zeroOrMore>
</element>
</optional>
</interleave>
@@ -3195,9 +3195,9 @@
<optional>
<attribute name="slave"/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name='devSeclabel'/>
- </optional>
+ </zeroOrMore>
</element>
</zeroOrMore>
<optional>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml
new file mode 100644
index 0000000..ce7f4f7
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml
@@ -0,0 +1,32 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'>
+ <seclabel model='selinux' relabel='yes'>
+ <label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
+ </seclabel>
+ <seclabel model='dac' relabel='no'/>
+ </source>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index d3dfd9e..cc29083 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -337,6 +337,7 @@ mymain(void)
DO_TEST_DIFFERENT("seclabel-none");
DO_TEST("seclabel-dac-none");
DO_TEST("seclabel-dynamic-none");
+ DO_TEST("seclabel-device-multiple");
DO_TEST_FULL("seclabel-dynamic-none-relabel", true, WHEN_INACTIVE);
DO_TEST("numad-static-vcpu-no-numatune");
DO_TEST("disk-scsi-lun-passthrough-sgio");
--
1.9.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list