[PATCH 1/2] seclabel: Do not output relabel attribute for type 'none'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Security label type 'none' requires relabel to be set to 'no' so there's
no reason to output this extra attribute.  Moreover, since relabel is
internally stored in a negative from (norelabel), the default value for
relabel would be 'yes' in case there is no <seclabel> element in domain
configuration.  In case VIR_DOMAIN_SECLABEL_DEFAULT turns into
VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for
seclabel type 'none'.
---
 src/conf/domain_conf.c                             |    9 +++++----
 .../qemuxml2argv-seclabel-none.xml                 |    2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6949ece..81836e5 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9948,16 +9948,17 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
 
     virBufferAsprintf(buf, "<seclabel type='%s'",
                       sectype);
-    virBufferEscapeString(buf, " model='%s'", def->model);
-
-    virBufferAsprintf(buf, " relabel='%s'",
-                      def->norelabel ? "no" : "yes");
 
     if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
         virBufferAddLit(buf, "/>\n");
         return;
     }
 
+    virBufferEscapeString(buf, " model='%s'", def->model);
+
+    virBufferAsprintf(buf, " relabel='%s'",
+                      def->norelabel ? "no" : "yes");
+
     if (def->label || def->imagelabel || def->baselabel) {
         virBufferAddLit(buf, ">\n");
 
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
index 1ef97ce..9def692 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
@@ -22,5 +22,5 @@
     <controller type='ide' index='0'/>
     <memballoon model='virtio'/>
   </devices>
-  <seclabel type='none' relabel='no'/>
+  <seclabel type='none'/>
 </domain>
-- 
1.7.8.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]