On 08/30/2012 06:42 PM, Jiri Denemark wrote:
But this seems wrong. The only case when model can be missing is when there is just one seclabel defined and either type is none or type is dynamic, baselabel is not defined and INACTIVE flags is set. This is the only case in which we need to guess what model was used and we should be able to just use the first secModel for that. That is the code is not incorrect but relaxes the requirements too much. We should require model to be present in all cases except for the one case needed for backward compatibility.
Ok, no problem. I'll provide a new version of this patch that is more restricted when assigning a model and another patch suppressing seclabel for DAC when it is not explicitly defined for a guest.
Jirka
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list