[PATCH 2/2] conf: Don't always require security/@model

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Only parse model, if static labelling, or
a base label is set, or doing active XML.
---
 src/conf/domain_conf.c |   39 ++++++++++++++++++++++++---------------
 1 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 419088c..0f7bf78 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3121,14 +3121,22 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
         def->baselabel = p;
     }
 
-    /* Always parse model */
-    p = virXPathStringLimit("string(./@model)",
-                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
-    if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
-        virReportError(VIR_ERR_XML_ERROR,
-                       "%s", _("missing security model"));
+    /* Only parse model, if static labelling, or a base
+     * label is set, or doing active XML
+     */
+    if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
+        def->baselabel ||
+        (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
+         def->type != VIR_DOMAIN_SECLABEL_NONE)) {
+
+        p = virXPathStringLimit("string(./@model)",
+                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+        if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           "%s", _("missing security model"));
+        }
+        def->model = p;
     }
-    def->model = p;
 
     return def;
 
@@ -3225,11 +3233,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
     for (i = 0; i < n; i++) {
         /* get model associated to this override */
         model = virXMLPropString(list[i], "model");
-        if (model == NULL) {
-            virReportError(VIR_ERR_XML_ERROR, "%s",
-                           _("invalid security model"));
-            goto error;
-        } else {
+        if (model) {
             /* find the security label that it's being overriden */
             for (j = 0; j < nvmSeclabels; j++) {
                 if (STREQ(vmSeclabels[j]->model, model)) {
@@ -3275,7 +3279,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
             virReportError(VIR_ERR_XML_ERROR,
                            _("Cannot specify a label if relabelling is "
                              "turned off. model=%s"),
-                             def->seclabels[i]->model);
+                             NULLSTR(def->seclabels[i]->model));
             goto error;
         }
     }
@@ -11271,8 +11275,13 @@ static void
 virSecurityDeviceLabelDefFormat(virBufferPtr buf,
                                 virSecurityDeviceLabelDefPtr def)
 {
-    virBufferAsprintf(buf, "<seclabel model='%s' relabel='%s'",
-                      def->model, def->norelabel ? "no" : "yes");
+    virBufferAsprintf(buf, "<seclabel");
+
+    if (def->model)
+        virBufferAsprintf(buf, " model='%s'", def->model);
+
+    virBufferAsprintf(buf, " relabel='%s'", def->norelabel ? "no" : "yes");
+
     if (def->label) {
         virBufferAddLit(buf, ">\n");
         virBufferEscapeString(buf, "  <label>%s</label>\n",
-- 
1.7.8.6

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]