Re: [PATCH 5/7] domain: Handle seclabel model with an enum

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 12, 2011 at 12:23:01PM -0500, Cole Robinson wrote:
> This allows us to explicitly handle the 'default' seclabel case, as
> well as provide easier model validation.
> 
> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
> ---
>  src/conf/domain_conf.c           |   38 ++++++++++++++++++++++++++++++--------
>  src/conf/domain_conf.h           |   14 ++++++++++++--
>  src/security/security_apparmor.c |    9 +++------
>  src/security/security_driver.c   |   15 ++++++++++-----
>  src/security/security_selinux.c  |    8 ++------
>  5 files changed, 57 insertions(+), 27 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 8f6ef55..077a396 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -313,6 +313,12 @@ VIR_ENUM_IMPL(virDomainSeclabel, VIR_DOMAIN_SECLABEL_LAST,
>                "dynamic",
>                "static")
>  
> +VIR_ENUM_IMPL(virDomainSeclabelModel, VIR_DOMAIN_SECLABEL_MODEL_LAST,
> +              "default",
> +              "selinux",
> +              "apparmor",
> +              "none")

If we remove 'none' from the enum, this is ok.

> +
>  VIR_ENUM_IMPL(virDomainNetdevMacvtap, VIR_DOMAIN_NETDEV_MACVTAP_MODE_LAST,
>                "vepa",
>                "private",
> @@ -759,7 +765,7 @@ void virDomainSeclabelDefClear(virSecurityLabelDefPtr seclabel)
>      if (!seclabel)
>          return;
>  
> -    VIR_FREE(seclabel->model);
> +    seclabel->model = VIR_DOMAIN_SECLABEL_MODEL_DEFAULT;
>      VIR_FREE(seclabel->label);
>      VIR_FREE(seclabel->imagelabel);
>  }
> @@ -4244,7 +4250,15 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
>                                   "%s", _("missing security model"));
>              goto error;
>          }
> -        def->seclabel.model = p;
> +
> +        def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
> +        if (def->seclabel.model < 0) {
> +            virDomainReportError(VIR_ERR_XML_ERROR,
> +                                 _("unknown security model '%s'"), p);
> +            VIR_FREE(p);
> +            goto error;
> +        }
> +        VIR_FREE(p);
>  
>          p = virXPathStringLimit("string(./seclabel/label[1])",
>                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> @@ -7336,18 +7350,26 @@ char *virDomainDefFormat(virDomainDefPtr def,
>  
>      virBufferAddLit(&buf, "  </devices>\n");
>  
> -    if (def->seclabel.model) {
> -        const char *sectype = virDomainSeclabelTypeToString(def->seclabel.type);
> +    if (def->seclabel.model != VIR_DOMAIN_SECLABEL_MODEL_DEFAULT) {
> +        const char *sectype, *secmodel;
> +
> +        sectype = virDomainSeclabelTypeToString(def->seclabel.type);
>          if (!sectype)
>              goto cleanup;
> +
> +        secmodel = virDomainSeclabelModelTypeToString(def->seclabel.model);
> +        if (!secmodel)
> +            goto cleanup;
> +
> +        virBufferVSprintf(&buf, "  <seclabel type='%s' model='%s'",
> +                          sectype, secmodel);
> +
>          if (!def->seclabel.label ||
>              (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
>               (flags & VIR_DOMAIN_XML_INACTIVE))) {
> -            virBufferVSprintf(&buf, "  <seclabel type='%s' model='%s'/>\n",
> -                              sectype, def->seclabel.model);
> +            virBufferAddLit(&buf, "/>\n");
>          } else {
> -            virBufferVSprintf(&buf, "  <seclabel type='%s' model='%s'>\n",
> -                                  sectype, def->seclabel.model);
> +            virBufferAddLit(&buf, ">\n");
>              virBufferEscapeString(&buf, "    <label>%s</label>\n",
>                                    def->seclabel.label);
>              if (def->seclabel.imagelabel &&
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index b5cf433..81409f8 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -782,14 +782,23 @@ enum virDomainSeclabelType {
>      VIR_DOMAIN_SECLABEL_LAST,
>  };
>  
> +enum virDomainSeclabelModel {
> +    VIR_DOMAIN_SECLABEL_MODEL_DEFAULT,
> +    VIR_DOMAIN_SECLABEL_MODEL_SELINUX,
> +    VIR_DOMAIN_SECLABEL_MODEL_APPARMOR,
> +    VIR_DOMAIN_SECLABEL_MODEL_NONE,
> +
> +    VIR_DOMAIN_SECLABEL_MODEL_LAST,
> +};

Remove  NONE here too.



ACK, if the 'none' / NONE bits are removed.

Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]