[PATCH 08/10] conf: Parse and validate disk source seclabels together with the source

Peter Krempa <pkrempa@xxxxxxxxxx> · Tue, 13 Mar 2018 15:37:34 +0100

Since seclabels are formatted along with the source element and will
also make sense to be passed for the backing chain we should parse them
in the place where we parse the disk source. Same applies for
validation.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/conf/domain_conf.c | 39 +++++++++++++++------------------------
 1 file changed, 15 insertions(+), 24 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6c2a2f3a75..d1ff80feb7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8631,6 +8631,10 @@ virDomainDiskSourceParse(xmlNodePtr node,
         !(src->encryption = virStorageEncryptionParseNode(tmp, ctxt)))
         goto cleanup;

+    if (virSecurityDeviceLabelDefParseXML(&src->seclabels, &src->nseclabels,
+                                          ctxt, flags) < 0)
+        goto cleanup;
+
     if (virDomainDiskSourcePrivateDataParse(ctxt, src, flags, xmlopt) < 0)
         goto cleanup;

@@ -8985,7 +8989,10 @@ virDomainDiskSourceDefParseAuthValidate(const virStorageSource *src)


 static int
-virDomainDiskDefParseValidate(const virDomainDiskDef *def)
+virDomainDiskDefParseValidate(const virDomainDiskDef *def,
+                              virSecurityLabelDefPtr *vmSeclabels,
+                              size_t nvmSeclabels)
+
 {
     virStorageSourcePtr next;

@@ -9075,6 +9082,12 @@ virDomainDiskDefParseValidate(const virDomainDiskDef *def)
                 return -1;
             }
         }
+
+        if (virSecurityDeviceLabelDefValidateXML(next->seclabels,
+                                                 next->nseclabels,
+                                                 vmSeclabels,
+                                                 nvmSeclabels) < 0)
+            return -1;
     }

     return 0;
@@ -9222,7 +9235,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
                          unsigned int flags)
 {
     virDomainDiskDefPtr def;
-    xmlNodePtr sourceNode = NULL;
     xmlNodePtr cur;
     xmlNodePtr save_ctxt = ctxt->node;
     char *tmp = NULL;
@@ -9281,8 +9293,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
             continue;

         if (!source && virXMLNodeNameEqual(cur, "source")) {
-            sourceNode = cur;
-
             if (virDomainDiskSourceParse(cur, ctxt, def->src, flags, xmlopt) < 0)
                 goto error;

@@ -9460,25 +9470,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
         goto error;
     }

-    /* If source is present, check for an optional seclabel override.  */
-    if (sourceNode) {
-        xmlNodePtr saved_node = ctxt->node;
-        ctxt->node = sourceNode;
-        if (virSecurityDeviceLabelDefParseXML(&def->src->seclabels,
-                                              &def->src->nseclabels,
-                                              ctxt,
-                                              flags) < 0)
-            goto error;
-
-        if (virSecurityDeviceLabelDefValidateXML(def->src->seclabels,
-                                                 def->src->nseclabels,
-                                                 vmSeclabels,
-                                                 nvmSeclabels) < 0)
-            goto error;
-
-        ctxt->node = saved_node;
-    }
-
     if (!target && !(flags & VIR_DOMAIN_DEF_PARSE_DISK_SOURCE)) {
         if (def->src->srcpool) {
             if (virAsprintf(&tmp, "pool = '%s', volume = '%s'",
@@ -9644,7 +9635,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
             goto error;
     }

-    if (virDomainDiskDefParseValidate(def) < 0)
+    if (virDomainDiskDefParseValidate(def, vmSeclabels, nvmSeclabels) < 0)
         goto error;

  cleanup:
-- 
2.16.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






