Re: [PATCH] conf: Fix parsing of seclabels without model

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 30, 2012 at 13:19:31 -0300, Marcelo Cerri wrote:
> With this patch libvirt tries to assign a model to seclabels when model
> is missing. Libvirt will look up at host's capabilities and assign a
> model in order to each seclabel that doesn't have a model assigned.
> 
> This patch fixes:
> 
> 1. The problem with existing guests that have a seclabel defined in its XML.
> 2. A XML parse error when a guest is restored.
> 
> Signed-off-by: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx>
> ---
>  src/conf/domain_conf.c | 56 ++++++++++++++++++++++++++------------------------
>  1 file changed, 29 insertions(+), 27 deletions(-)

I think this is trying to fix the issue at a wrong place. It's not that XML
generated by older libvirtd is not correctly parsed by current libvirtd. The
problem is that *current* libvirtd creates an XML that it cannot parse back.
Thus we should rather fix the code that formats the XML.

On that front, I'm concerned about migration compatibility of this new
security driver code. If we just blindly emit <seclabel type='dynamic'
model='dac' relabel='yes'> element into the XML, I'm pretty sure an older
libvirtd will complain about it even though the element was not used to do
anything special that would be done anyway (that is, if labels are the default
qemu_user:qemu_group).

Jirka

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]