Security label type 'none' requires relabel to be set to 'no' so there's
no reason to output this extra attribute. Moreover, since relabel is
internally stored in a negative from (norelabel), the default value for
relabel would be 'yes' in case there is no <seclabel> element in domain
configuration. In case VIR_DOMAIN_SECLABEL_DEFAULT turns into
VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for
seclabel type 'none'.
---
src/conf/domain_conf.c | 9 +++++----
.../qemuxml2argv-seclabel-none.xml | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6949ece..81836e5 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9948,16 +9948,17 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
virBufferAsprintf(buf, "<seclabel type='%s'",
sectype);
- virBufferEscapeString(buf, " model='%s'", def->model);
-
- virBufferAsprintf(buf, " relabel='%s'",
- def->norelabel ? "no" : "yes");
if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
virBufferAddLit(buf, "/>\n");
return;
}
+ virBufferEscapeString(buf, " model='%s'", def->model);
+
+ virBufferAsprintf(buf, " relabel='%s'",
+ def->norelabel ? "no" : "yes");
+
if (def->label || def->imagelabel || def->baselabel) {
virBufferAddLit(buf, ">\n");
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
index 1ef97ce..9def692 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
@@ -22,5 +22,5 @@
<controller type='ide' index='0'/>
<memballoon model='virtio'/>
</devices>
- <seclabel type='none' relabel='no'/>
+ <seclabel type='none'/>
</domain>
--
1.7.8.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list