On 04/04/2013 03:37 PM, Osier Yang wrote: > "seclabels" is only valid for 'file' or 'block' type storage volume. > --- > docs/formatdomain.html.in | 6 ++++-- > docs/schemas/domaincommon.rng | 3 +++ > src/conf/domain_conf.c | 20 ++++++++++++++------ > .../qemuxml2argv-disk-source-pool.xml | 6 +++++- > 4 files changed, 26 insertions(+), 9 deletions(-) > > diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in > index ce185a9..44e7f28 100644 > --- a/docs/formatdomain.html.in > +++ b/docs/formatdomain.html.in > @@ -1439,11 +1439,13 @@ > path to the file holding the disk. If the disk > <code>type</code> is "block", then the <code>dev</code> > attribute specifies the path to the host device to serve as > - the disk. With both "file" and "block", one or more optional > + the disk. With "file", "block", and "volume", one or more optional > sub-elements <code>seclabel</code>, <a href="#seclabel">described > below</a> (and <span class="since">since 0.9.9</span>), can be > used to override the domain security labeling policy for just > - that source file. If the disk <code>type</code> is "dir", then the > + that source file. (NB, for "volume" type disk, <code>seclable</code> s/seclable/seclabel/ > + is only valid when the specified storage volume is of 'file' or > + 'block' type). If the disk <code>type</code> is "dir", then the > <code>dir</code> attribute specifies the fully-qualified path > to the directory to use as the disk. If the disk <code>type</code> > is "network", then the <code>protocol</code> attribute specifies > diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng > index 4e7e712..80749e1 100644 > --- a/docs/schemas/domaincommon.rng > +++ b/docs/schemas/domaincommon.rng > @@ -1106,6 +1106,9 @@ > <optional> > <ref name="startupPolicy"/> > </optional> > + <optional> > + <ref name='devSeclabel'/> > + </optional> > </element> > </optional> > <ref name="diskspec"/> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index c1d2cbb..7f5e727 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -12888,16 +12888,24 @@ virDomainDiskSourceDefFormat(virBufferPtr buf, > } > break; > case VIR_DOMAIN_DISK_TYPE_VOLUME: > - /* Parsing guarantees the def->srcpool->volume cannot be NULL > - * if def->srcpool->pool is not NULL. > - */ > + virBufferAddLit(buf, " <source"); > + > if (def->srcpool) > - virBufferAsprintf(buf, " <source pool='%s' volume='%s'", > + virBufferAsprintf(buf, " pool='%s' volume='%s'", > def->srcpool->pool, def->srcpool->volume); > if (def->startupPolicy) > - virBufferEscapeString(buf, " startupPolicy='%s'/>\n", startupPolicy); > - else > + virBufferEscapeString(buf, " startupPolicy='%s'", startupPolicy); > + > + if (def->nseclabels) { > + virBufferAddLit(buf, ">\n"); > + virBufferAdjustIndent(buf, 8); > + for (n = 0; n < def->nseclabels; n++) > + virSecurityDeviceLabelDefFormat(buf, def->seclabels[n]); > + virBufferAdjustIndent(buf, -8); > + virBufferAddLit(buf, " </source>\n"); > + } else { > virBufferAddLit(buf, "/>\n"); > + } > break; > default: > virReportError(VIR_ERR_INTERNAL_ERROR, > diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml > index a218e78..acf9753 100644 > --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml > +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml 
> @@ -15,7 +15,11 @@ > <devices> > <emulator>/usr/bin/qemu</emulator> > <disk type='volume' device='cdrom'> > - <source pool='blk-pool0' volume='blk-pool0-vol0' startupPolicy='optional'/> > + <source pool='blk-pool0' volume='blk-pool0-vol0' startupPolicy='optional'> > + <seclabel model='selinux' relabel='yes'> > + <label>system_u:system_r:public_content_t:s0</label> > + </seclabel> > + </source> > <target dev='hda' bus='ide'/> > <readonly/> > <address type='drive' controller='0' bus='0' target='0' unit='1'/> > ACK, mechanically at least. Although unlike the startupPolicy code, there isn't any seclabel parsing code here. John
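Review bot: in the docs/formatdomain.html.in hunk, the added parenthetical says seclabel is only valid for a volume of 'file' or 'block' type but does not say what happens otherwise (rejected when the XML is parsed, or silently ignored), which is what someone relying on the label override needs to know. State that behaviour explicitly, fix the "seclable" spelling inside the <code> element as already pointed out inline, and quote file and block with double quotes to match the rest of the paragraph.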
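Review bot: in the docs/schemas/domaincommon.rng hunk, <ref name='devSeclabel'/> is wrapped in <optional>, which admits at most one seclabel under the volume source, while the documentation hunk promises "one or more optional sub-elements" and the formatter loops over def->nseclabels. Unless devSeclabel itself allows repetition (its definition is not visible in this patch), use <zeroOrMore> here so that schema, docs and formatter agree. The added ref also uses single quotes where the neighbouring <ref name="startupPolicy"/> uses double quotes.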
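Review bot: in the src/conf/domain_conf.c hunk, the VIR_DOMAIN_DISK_TYPE_VOLUME case formats def->seclabels whenever def->nseclabels is non-zero, but nothing checks that the volume is of 'file' or 'block' type as the commit message requires, and per the diffstat this hunk is the only change to domain_conf.c, so no parse-side code in this patch populates or validates seclabels for volume disks. Add the parsing and the type check (or say in the commit message where they live) so the formatter cannot emit labels that would never be accepted on input. While this line is being rewritten, note that pool and volume are still written with virBufferAsprintf(buf, " pool='%s' volume='%s'", ...) without XML escaping, unlike startupPolicy, which goes through virBufferEscapeString; escaping both attributes would keep a name containing a quote or ampersand from producing malformed XML.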
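Review bot: in the tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml hunk, the only coverage added is the accepted case, a single selinux seclabel on blk-pool0-vol0. Since the commit message restricts seclabels to 'file' or 'block' type volumes, a negative case for a volume of another type, and a source carrying more than one seclabel, would pin down the behaviour the documentation describes.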