Since seclabels are formatted along with the source element and will also make sense to be passed for the backing chain we should parse them in the place where we parse the disk source. Same applies for validation. Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/conf/domain_conf.c | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6c2a2f3a75..d1ff80feb7 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8631,6 +8631,10 @@ virDomainDiskSourceParse(xmlNodePtr node, !(src->encryption = virStorageEncryptionParseNode(tmp, ctxt))) goto cleanup; + if (virSecurityDeviceLabelDefParseXML(&src->seclabels, &src->nseclabels, + ctxt, flags) < 0) + goto cleanup; + if (virDomainDiskSourcePrivateDataParse(ctxt, src, flags, xmlopt) < 0) goto cleanup; @@ -8985,7 +8989,10 @@ virDomainDiskSourceDefParseAuthValidate(const virStorageSource *src) static int -virDomainDiskDefParseValidate(const virDomainDiskDef *def) +virDomainDiskDefParseValidate(const virDomainDiskDef *def, + virSecurityLabelDefPtr *vmSeclabels, + size_t nvmSeclabels) + { virStorageSourcePtr next; @@ -9075,6 +9082,12 @@ virDomainDiskDefParseValidate(const virDomainDiskDef *def) return -1; } } + + if (virSecurityDeviceLabelDefValidateXML(next->seclabels, + next->nseclabels, + vmSeclabels, + nvmSeclabels) < 0) + return -1; } return 0; @@ -9222,7 +9235,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, unsigned int flags) { virDomainDiskDefPtr def; - xmlNodePtr sourceNode = NULL; xmlNodePtr cur; xmlNodePtr save_ctxt = ctxt->node; char *tmp = NULL; @@ -9281,8 +9293,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, continue; if (!source && virXMLNodeNameEqual(cur, "source")) { - sourceNode = cur; - if (virDomainDiskSourceParse(cur, ctxt, def->src, flags, xmlopt) < 0) goto error; @@ -9460,25 +9470,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, goto error; } - /* If source is present, check for an optional seclabel override. */ - if (sourceNode) { - xmlNodePtr saved_node = ctxt->node; - ctxt->node = sourceNode; - if (virSecurityDeviceLabelDefParseXML(&def->src->seclabels, - &def->src->nseclabels, - ctxt, - flags) < 0) - goto error; - - if (virSecurityDeviceLabelDefValidateXML(def->src->seclabels, - def->src->nseclabels, - vmSeclabels, - nvmSeclabels) < 0) - goto error; - - ctxt->node = saved_node; - } - if (!target && !(flags & VIR_DOMAIN_DEF_PARSE_DISK_SOURCE)) { if (def->src->srcpool) { if (virAsprintf(&tmp, "pool = '%s', volume = '%s'", @@ -9644,7 +9635,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, goto error; } - if (virDomainDiskDefParseValidate(def) < 0) + if (virDomainDiskDefParseValidate(def, vmSeclabels, nvmSeclabels) < 0) goto error; cleanup: -- 2.16.2 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list