Re: [PATCH 4/7] Re-add domain device seclabel parsing / formatting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/23/2012 03:38 PM, Eric Blake wrote:
> On 01/11/2012 09:33 AM, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>>
>> This re-introduces parsing & formatting for per device seclabels.
>> There is a new virDomainDeviceSeclabelPtr struct and corresponding
>> APIs for parsing/formatting.
>> ---
>>  src/conf/domain_conf.c |  115 ++++++++++++++++++++++++++++++++++++++++++++++--
>>  src/conf/domain_conf.h |   12 +++++-
>>  2 files changed, 122 insertions(+), 5 deletions(-)
> 
> Complex enough that I agree with your decision to separate the revert
> from the new implementation, even if it means a potential for a failed
> 'git bisect'.

Alas, this still fails testing:

78) QEMU XML-2-XML seclabel-dynamic-override                          ...
Offset 574
Expect [/]
Actual [>
        </seclabel]

... FAILED

> Do we want to be saving this label if norelabel is true (that is, if the
> user passes:
> 
> <seclabel relabel='no'>
>   <label>...</label>
> </seclabel>
> 
> do we reject that as invalid, or silently ignore the useless <label>,
> instead of your behavior of accepting it)?
> 
>> @@ -9767,6 +9844,19 @@ cleanup:
>>  }
>>  
>>  
>> +static void
>> +virSecurityDeviceLabelDefFormat(virBufferPtr buf,
>> +                                virSecurityDeviceLabelDefPtr def)
>> +{
>> +    virBufferAsprintf(buf, "<seclabel relabel='%s'>\n",
>> +                      def->norelabel ? "no" : "yes");
>> +    if (def->label)
>> +        virBufferEscapeString(buf, "  <label>%s</label>\n",
>> +                              def->label);
>> +    virBufferAddLit(buf, "</seclabel>\n");
> 
> With norelabel, this would generate the odd-looking:
> 
> <seclabel relabel='no'>
> </seclabel>
> 
> How about instead doing:
> 
> virBufferAsprintf(buf, "<seclabel relabel='%s'",
>                   def->norelabel ? "no" : "yes");
> if (def->label) {
>     virBufferAddLit(buf, ">\n");
>     virBufferEscapeString(buf, "  <label>%s</label>\n",
>                           def->label);
>     virBufferAddLit(buf, "</seclabel>\n");
> } else {
>     virBufferAddLit(buf, "/>\n");
> }

In fact, that's necessary to get the test to pass again.

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]