https://bugzilla.redhat.com/show_bug.cgi?id=1113860 The combination of type='none' and relabel='yes' makes no sense as 'none' type basically means relabel='no'. Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- src/conf/domain_conf.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f75c0cb..4215565 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -4614,8 +4614,14 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, /* For the model 'none' none of the following labels is going to be * present. Hence, return now. */ - if (STREQ_NULLABLE(def->model, "none")) + if (STREQ_NULLABLE(def->model, "none")) { + if (def->relabel) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("model 'none' does not allow relabeling")); + goto error; + } return def; + } /* Only parse label, if using static labels, or * if the 'live' VM XML is requested -- 1.8.5.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list