To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.
Signed-off-by: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx>
---
src/conf/domain_conf.c | 13 ++++++++++++-
src/conf/domain_conf.h | 1 +
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 42c3900..516821f 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11231,6 +11231,12 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
return;
+ /* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+ if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+ return;
+
virBufferAsprintf(buf, "<seclabel type='%s'",
sectype);
@@ -14982,6 +14988,7 @@ virSecurityLabelDefPtr
virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
{
int i;
+ virSecurityLabelDefPtr seclabel = NULL;
if (def == NULL || model == NULL)
return NULL;
@@ -14993,7 +15000,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
return def->seclabels[i];
}
- return virDomainDefAddSecurityLabelDef(def, model);
+ seclabel = virDomainDefAddSecurityLabelDef(def, model);
+ if (seclabel)
+ seclabel->implicit = true;
+
+ return seclabel;
}
virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 9ee57e1..3791e50 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
char *baselabel; /* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
+ bool implicit; /* true if seclabel is auto-added */
};
--
1.7.12
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list