On 11.11.2013 14:21, Daniel P. Berrange wrote:
> On Mon, Nov 11, 2013 at 10:49:44AM +0100, Michal Privoznik wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1027096
>>
>> If there's the following snippet in the domain XML, the domain will be
>> lost upon the daemon restart (if the domain is started prior to restart):
>>
>>   <seclabel type='dynamic' relabel='yes'/>
>>
>> The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
>> whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
>> static. The latter is not our case, obviously. So, when libvirtd starts
>> up, it finds domain state xml and parses it. During parsing, many XML
>> flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
>> to extract 'label', 'imagelabel' and 'baselabel' from the XML which
>> fails for model='none'. Err, this model - even though not specified in
>> XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.
>>
>> However, in order to know we are dealing with model='none' the code in
>> question must be moved forward a bit. Then a new check must be
>> introduced. This is what the first two chunks are doing.
>>
>> But this alone is not sufficient. The domain state XML won't contain the
>> model attribute without slight modification. The model should be
>> inserted into the XML even if equal to 'none' and the state XML is being
>> generated - what if the origin (the @security_driver variable in
>> qemu.conf) changes during libvirtd restarts?
>>
>> At the end, a test to catch this scenario is introduced.
>>
>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>> ---
>>  src/conf/domain_conf.c                             | 26 +++++++++++++-------
>>  .../qemuxml2argv-seclabel-dynamic-relabel.args     |  6 +++++
>>  .../qemuxml2argv-seclabel-dynamic-relabel.xml      | 28 ++++++++++++++++++++++
>>  tests/qemuxml2argvtest.c                           |  1 +
>>  tests/qemuxml2xmltest.c                            |  1 +
>>  5 files changed, 54 insertions(+), 8 deletions(-)
>>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.args
>>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.xml
>
> ACK
>
> Daniel
>

Thanks, pushed.

BTW: this deserved to be backported to maint branches. While trying to
bisect this (I recalled some work in this area which I suspected to
cause regression) I couldn't find a single release that would just work.

Michal
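
The restart failure described in the quoted commit message, as a simplified Python model added here (it is not libvirt's C code and not part of the original thread). The function names, the `XML_INACTIVE` value, the `fixed` switch and the error text are assumptions made for illustration; the sample definition is constructed.

```python
import xml.etree.ElementTree as ET

XML_INACTIVE = 1  # stand-in for VIR_DOMAIN_XML_INACTIVE; the value is arbitrary


def format_seclabel(sec, flags, fixed):
    """Serialise a seclabel; state (live) XML is written without XML_INACTIVE."""
    el = ET.Element("seclabel", type=sec["type"], relabel=sec["relabel"])
    model = sec.get("model")
    # Before the fix the state XML carried no model when it was 'none';
    # after it, the model is written into state XML even if equal to 'none'.
    if model and (model != "none" or (fixed and not flags & XML_INACTIVE)):
        el.set("model", model)
    for tag in ("label", "imagelabel", "baselabel"):
        if sec.get(tag):
            ET.SubElement(el, tag).text = sec[tag]
    return ET.tostring(el, encoding="unicode")


def parse_seclabel(xml, flags, fixed):
    """Parse a seclabel; labels are required for live or static definitions."""
    el = ET.fromstring(xml)
    sec = {"type": el.get("type"), "relabel": el.get("relabel"),
           "model": el.get("model")}
    # Fixed ordering: the model is known first, then checked for 'none'.
    if fixed and sec["model"] == "none":
        return sec  # nothing to extract for model='none'
    if not flags & XML_INACTIVE or sec["type"] == "static":
        for tag in ("label", "imagelabel", "baselabel"):
            sec[tag] = el.findtext(tag)
        if not sec["label"]:
            raise ValueError("label missing from seclabel")  # constructed text
    return sec


def survives_restart(fixed):
    """Round-trip a running domain's seclabel through state XML, as on restart."""
    # Constructed runtime definition: the 'none' driver came from qemu.conf,
    # so the running domain has model 'none' and no generated labels.
    running = {"type": "dynamic", "relabel": "yes", "model": "none"}
    state_xml = format_seclabel(running, flags=0, fixed=fixed)
    try:
        parse_seclabel(state_xml, flags=0, fixed=fixed)
        return True
    except ValueError:
        return False
```

`survives_restart(False)` models the reported loss of the domain, and `survives_restart(True)` models the behaviour after both halves of the change (parser check plus model written to state XML).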