Re: [PATCH 2/2] conf: Avoid formatting auto-generated DAC labels

On Fri, Aug 31, 2012 at 01:40:41PM +0200, Jiri Denemark wrote:
> From: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx>
> 
> To avoid backward compatibility issues, this patch suppresses
> auto-generated DAC labels from XML. This change affects commands such as
> dumpxml and save.
> 
> Signed-off-by: Marcelo Cerri <mhcerri@xxxxxxxxxxxxxxxxxx>
> ---
>  src/conf/domain_conf.c | 15 +++++++++++++--
>  src/conf/domain_conf.h |  1 +
>  2 files changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 5d2de72..49327df 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
>      if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
>          return;
>  
> +    /* To avoid backward compatibility issues, suppress DAC labels that are
> +     * automatically generated.
> +     */
> +    if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
> +        return;
> +
>      virBufferAsprintf(buf, "<seclabel type='%s'",
>                        sectype);
>  
> -    if (def->model)
> +    if (def->model && STRNEQ(def->model, "none"))
>          virBufferEscapeString(buf, " model='%s'", def->model);
>  
>      if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
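
Review bot: the `STRNEQ(def->model, "none")` test added to the model attribute check is not explained by the commit message or by the new comment, both of which only mention auto-generated DAC labels. It changes the output for a different case: a label whose model is "none" is still formatted, but without its model attribute. Please either describe that case in the commit message and in a short comment above the check, or split it into its own patch so the DAC suppression can be reviewed and reverted independently.
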
> @@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr
>  virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>  {
>      int i;
> +    virSecurityLabelDefPtr seclabel = NULL;
>  
>      if (def == NULL || model == NULL)
>          return NULL;
> @@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>              return def->seclabels[i];
>      }
>  
> -    return virDomainDefAddSecurityLabelDef(def, model);
> +    seclabel = virDomainDefAddSecurityLabelDef(def, model);
> +    if (seclabel)
> +        seclabel->implicit = true;
> +
> +    return seclabel;
>  }
>  
>  virSecurityDeviceLabelDefPtr
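
Review bot: `seclabel->implicit = true` is set only on the fallback path of virDomainDefGetSecurityLabelDef, so whether a label is hidden from the XML now depends on a lookup function having created it as a side effect. The flag is also set for any model the caller passes, while the formatter only acts on it when the model is "dac". A comment above the fallback stating that labels created here are marked implicit and, for "dac", omitted from formatted XML would make that coupling visible. It is also worth confirming that nothing later fills in such a label with user-supplied values without clearing the flag, since the formatter would then drop it.
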
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index dfdae49..034bebf 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
>      char *baselabel;    /* base name of label string */
>      int type;           /* virDomainSeclabelType */
>      bool norelabel;
> +    bool implicit;      /* true if seclabel is auto-added */
>  };
>  
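
Review bot: the comment on `bool implicit` says only that the seclabel is auto-added, but the field's real effect in this patch is that virSecurityLabelDefFormat skips an implicit "dac" label entirely. Suggest documenting that here, for example "auto-added by lookup; implicit DAC labels are not formatted", so readers of the struct know the flag controls XML output and is not itself written to the XML.
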

  Okay, ACK, the WIP version we both tested, I'm pushing it

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

