From: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx> To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save. Signed-off-by: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx> --- src/conf/domain_conf.c | 15 +++++++++++++-- src/conf/domain_conf.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5d2de72..49327df 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def) if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT) return; + /* To avoid backward compatibility issues, suppress DAC labels that are + * automatically generated. + */ + if (STREQ_NULLABLE(def->model, "dac") && def->implicit) + return; + virBufferAsprintf(buf, "<seclabel type='%s'", sectype); - if (def->model) + if (def->model && STRNEQ(def->model, "none")) virBufferEscapeString(buf, " model='%s'", def->model); if (def->type == VIR_DOMAIN_SECLABEL_NONE) { @@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) { int i; + virSecurityLabelDefPtr seclabel = NULL; if (def == NULL || model == NULL) return NULL; @@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) return def->seclabels[i]; } - return virDomainDefAddSecurityLabelDef(def, model); + seclabel = virDomainDefAddSecurityLabelDef(def, model); + if (seclabel) + seclabel->implicit = true; + + return seclabel; } virSecurityDeviceLabelDefPtr diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index dfdae49..034bebf 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -295,6 +295,7 @@ struct _virSecurityLabelDef { char *baselabel; /* base name of label string */ int type; /* virDomainSeclabelType */ bool norelabel; + bool implicit; /* true if seclabel is auto-added */ }; -- 1.7.12 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list