[PATCH fix] Per-guest configurable user/group for QEMU processes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

This patch contains some small fixes to my last set of patch.

Please, can you review it and provide me some feed back?

Best regards,
Marcelo Cerri

---
 src/conf/domain_conf.c        |    8 +++-----
 src/qemu/qemu_driver.c        |    6 +++---
 src/security/security_dac.c   |    4 ++--
 src/security/security_stack.c |    4 +++-
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 91ffb6f..2e186ce 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3165,7 +3165,6 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
         def->baselabel = p;
     }
 
-    /* TODO: check */
     /* Always parse model */
     p = virXPathStringLimit("string(./@model)",
                             VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
@@ -3261,8 +3260,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
         /* get model associated to this override */
         model = virXMLPropString(list[i], "model");
         if (model == NULL) {
-            // TODO primary ?
-            // vmDef = ?
+            virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+                _("invalid security model"));
+            goto error;
         } else {
             /* find the security label that it's being overrided */
             for (j = 0; j < nvmSeclabels; j++) {
@@ -10924,8 +10924,6 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
     virBufferAsprintf(buf, " relabel='%s'",
                       def->norelabel ? "no" : "yes");
 
-VIR_DEBUG("FMT %s: %s %s %s", def->model, def->label, def->imagelabel, def->baselabel); // TODO remove
-
     if (def->label || def->imagelabel || def->baselabel) {
         virBufferAddLit(buf, ">\n");
 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 39d9eee..7067f4b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -241,7 +241,7 @@ qemuSecurityInit(struct qemud_driver *driver)
         names = driver->additionalSecurityDriverNames;
         while (names && *names) {
             if (STREQ("dac", *names)) {
-                /* A DAC driver has specic parameters */
+                /* A DAC driver has specific parameters */
                 nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
                                                   driver->user,
                                                   driver->group,
@@ -274,7 +274,7 @@ qemuSecurityInit(struct qemud_driver *driver)
             }
             names++;
         }
-        /* If there isn't a DAC driver, create a new one and add it to the stack
+        /* If there is no DAC driver, create a new one and add it to the stack
          * manager */
         if (names == NULL || *names == NULL) {
             nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
@@ -334,7 +334,7 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
         goto err_exit;
     }
 
-    /* access sec drivers and create a sec model to each one */
+    /* access sec drivers and create a sec model for each one */
     sec_managers = virSecurityManagerGetNested(driver->securityManager);
     if (sec_managers == NULL) {
         goto err_exit;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0badafb..ae9ddfc 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -110,7 +110,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
     if (seclabel->label && parseIds(seclabel->label, &uid, &gid)) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("failed to parse uid and gid for DAC "
-                                 "securit driver"));
+                                 "security driver"));
         return -1;
     }
 
@@ -161,7 +161,7 @@ int virSecurityDACParseImageIds(virDomainDefPtr def,
         && parseIds(seclabel->imagelabel, &uid, &gid)) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("failed to parse uid and gid for DAC "
-                                 "securit driver"));
+                                 "security driver"));
         return -1;
     }
 
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index dd0aebc..4cf58f8 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -138,8 +138,10 @@ virSecurityStackVerify(virSecurityManagerPtr mgr,
     int rc = 0;
 
     for(; item; item = item->next) {
-        if (virSecurityManagerVerify(item->securityManager, def) < 0)
+        if (virSecurityManagerVerify(item->securityManager, def) < 0) {
             rc = -1;
+            break;
+        }
     }
 
     return rc;
-- 
1.7.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]