---
src/conf/domain_conf.c | 39 ++++++++++++++++++++++++---------------
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3819ed9..1394297 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3161,27 +3161,36 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
* defined in host's capabilities is used as model for the seclabel.
*/
if (def->nseclabels == 1 &&
- def->seclabels[0]->model == NULL &&
- def->seclabels[0]->type != VIR_DOMAIN_SECLABEL_STATIC &&
- def->seclabels[0]->baselabel == NULL &&
- (flags & VIR_DOMAIN_XML_INACTIVE) &&
+ !def->seclabels[0]->model &&
host->nsecModels > 0) {
-
- /* Copy model from host. */
- def->seclabels[0]->model = strdup(host->secModels[0].model);
- if (def->seclabels[0]->model == NULL) {
- virReportOOMError();
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
+ (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabels[0]->baselabel &&
+ (flags & VIR_DOMAIN_XML_INACTIVE))) {
+ /* Copy model from host. */
+ VIR_DEBUG("Found seclabel without a model, using '%s'",
+ host->secModels[0].model);
+ def->seclabels[0]->model = strdup(host->secModels[0].model);
+ if (!def->seclabels[0]->model) {
+ virReportOOMError();
+ goto error;
+ }
+ } else {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing security model in domain seclabel"));
goto error;
}
}
/* Checking missing model information */
- for(; n; n--) {
- if (def->seclabels[n - 1]->model == NULL) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing security model "
- "when using multiple labels"));
- goto error;
+ if (def->nseclabels > 1) {
+ for(; n; n--) {
+ if (def->seclabels[n - 1]->model == NULL) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing security model "
+ "when using multiple labels"));
+ goto error;
+ }
}
}
--
1.7.12
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list