[PATCH v2 4/4] schema: allow multiple seclabel for devices in domaincommon.rng

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In our RNG schema we do allow multiple (different) seclabels per-domain,
but don't allow this for devices, yet we neither have a check in our XML parser,
nor in a post-parse callback. In that case we should allow multiple
(different) seclabels for devices as well.
---
 docs/schemas/domaincommon.rng                      | 16 +++++------
 .../qemuxml2argv-seclabel-device-multiple.xml      | 32 ++++++++++++++++++++++
 tests/qemuxml2xmltest.c                            |  1 +
 3 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index d467dce..b1f4eaa 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1344,9 +1344,9 @@
           <optional>
             <ref name="storageStartupPolicy"/>
           </optional>
-          <optional>
+          <zeroOrMore>
             <ref name='devSeclabel'/>
-          </optional>
+          </zeroOrMore>
         </element>
       </optional>
     </interleave>
@@ -1367,9 +1367,9 @@
           <optional>
             <ref name="storageStartupPolicy"/>
           </optional>
-          <optional>
+          <zeroOrMore>
             <ref name='devSeclabel'/>
-          </optional>
+          </zeroOrMore>
         </element>
       </optional>
     </interleave>
@@ -1497,9 +1497,9 @@
           <optional>
             <ref name="storageStartupPolicy"/>
           </optional>
-          <optional>
+          <zeroOrMore>
             <ref name='devSeclabel'/>
-          </optional>
+          </zeroOrMore>
         </element>
       </optional>
     </interleave>
@@ -3195,9 +3195,9 @@
         <optional>
           <attribute name="slave"/>
         </optional>
-        <optional>
+        <zeroOrMore>
           <ref name='devSeclabel'/>
-        </optional>
+        </zeroOrMore>
       </element>
     </zeroOrMore>
     <optional>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml
new file mode 100644
index 0000000..ce7f4f7
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-device-multiple.xml
@@ -0,0 +1,32 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'>
+        <seclabel model='selinux' relabel='yes'>
+          <label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
+        </seclabel>
+        <seclabel model='dac' relabel='no'/>
+      </source>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index d3dfd9e..cc29083 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -337,6 +337,7 @@ mymain(void)
     DO_TEST_DIFFERENT("seclabel-none");
     DO_TEST("seclabel-dac-none");
     DO_TEST("seclabel-dynamic-none");
+    DO_TEST("seclabel-device-multiple");
     DO_TEST_FULL("seclabel-dynamic-none-relabel", true, WHEN_INACTIVE);
     DO_TEST("numad-static-vcpu-no-numatune");
     DO_TEST("disk-scsi-lun-passthrough-sgio");
-- 
1.9.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]