[libvirt PATCH 14/15] conf: Move validation check out of postparse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The reason why it was in postparse in the first place was so
that we could could automatically enable the secure-boot feature
in some cases, but that no longer happens so we can finally move
it to the proper location.

Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
 src/conf/domain_postparse.c | 10 ----------
 src/conf/domain_validate.c  |  8 ++++++++
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c
index 79862a72cd..2832705d0f 100644
--- a/src/conf/domain_postparse.c
+++ b/src/conf/domain_postparse.c
@@ -93,16 +93,6 @@ virDomainDefPostParseMemory(virDomainDef *def,
 static int
 virDomainDefPostParseOs(virDomainDef *def)
 {
-    if (def->os.firmwareFeatures &&
-        def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES) {
-
-        if (def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
-            virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
-            return -1;
-        }
-    }
-
     if (!def->os.loader)
         return 0;
 
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 6991cf1dd3..f208c0c531 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1606,6 +1606,14 @@ virDomainDefOSValidate(const virDomainDef *def,
             return -1;
         }
 
+        if (def->os.firmwareFeatures &&
+            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
+            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
+            return -1;
+        }
+
         if (!loader)
             return 0;
 
-- 
2.39.2




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux