Re: [PATCH v4 3/3] capabilities: add baselabel per sec driver/virt type to secmodel

Eric Blake <eblake@xxxxxxxxxx> · Tue, 29 Oct 2013 07:07:44 -0600

On 10/28/2013 06:02 AM, Daniel P. Berrange wrote:
> On Fri, Oct 18, 2013 at 02:13:21PM +0200, Giuseppe Scrivano wrote:
>> Expand the "secmodel" XML fragment of "host" with a sequence of
>> baselabel's which describe the default security context used by
>> libvirt with a specific security model and virtualization type:
>>
>> <secmodel>
>>   <model>selinux</model>
>>   <doi>0</doi>
>>   <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
>>   <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
>> </secmodel>

>> +    const int virtTypes[] = {VIR_DOMAIN_VIRT_KVM,
>> +                             VIR_DOMAIN_VIRT_QEMU,
>> +                             VIR_DOMAIN_VIRT_LAST};
> 
> No need for having VIR_DOMAIN_VIRT_LAST here, since we have a 
> handy ARRAY_CARDINALITY macro
> 
>> +        for (j = 0; virtTypes[j] != VIR_DOMAIN_VIRT_LAST; j++) {
> 
> eg
> 
>   for (j = 0 ; j < ARRAY_CARDINALITY(virtTypes) ; j++)  

ACK with the following squashed in.  Since 1 and 2 were acked before
freeze, and the series seems like a low-risk addition (rather than a
change to existing functionality), I'm okay with including this in
1.1.4, so I pushed.

diff --git i/src/qemu/qemu_conf.c w/src/qemu/qemu_conf.c
index 998d938..03c9c7d 100644
--- i/src/qemu/qemu_conf.c
+++ w/src/qemu/qemu_conf.c
@@ -612,8 +612,7 @@ virCapsPtr
virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
     const char *doi, *model, *lbl, *type;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
     const int virtTypes[] = {VIR_DOMAIN_VIRT_KVM,
-                             VIR_DOMAIN_VIRT_QEMU,
-                             VIR_DOMAIN_VIRT_LAST};
+                             VIR_DOMAIN_VIRT_QEMU,};

     /* Basic host arch / guest machine capabilities */
     if (!(caps = virQEMUCapsInit(driver->qemuCapsCache)))
@@ -645,7 +644,7 @@ virCapsPtr
virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
             VIR_STRDUP(sm->doi, doi) < 0)
             goto error;

-        for (j = 0; virtTypes[j] != VIR_DOMAIN_VIRT_LAST; j++) {
+        for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) {
             lbl = virSecurityManagerGetBaseLabel(sec_managers[i],
virtTypes[j]);
             type = virDomainVirtTypeToString(virtTypes[j]);
             if (lbl &&


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment:
signature.asc

Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



