[libvirt] [PATCH 2/2] conf: Avoid formatting auto-generated DAC labels
From: Marcelo Cerri mhce...@linux.vnet.ibm.com
To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
src/conf/domain_conf.c | 15 +--
src/conf/domain_conf.h | 1 +
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5d2de72..49327df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf,
virSecurityLabelDefPtr def)
if (def-type == VIR_DOMAIN_SECLABEL_DEFAULT)
return;
+/* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+if (STREQ_NULLABLE(def-model, dac) def-implicit)
+return;
+
virBufferAsprintf(buf, seclabel type='%s',
sectype);
-if (def-model)
+if (def-model STRNEQ(def-model, none))
virBufferEscapeString(buf, model='%s', def-model);
if (def-type == VIR_DOMAIN_SECLABEL_NONE) {
@@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr
virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
{
int i;
+virSecurityLabelDefPtr seclabel = NULL;
if (def == NULL || model == NULL)
return NULL;
@@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def,
const char *model)
return def-seclabels[i];
}
-return virDomainDefAddSecurityLabelDef(def, model);
+seclabel = virDomainDefAddSecurityLabelDef(def, model);
+if (seclabel)
+seclabel-implicit = true;
+
+return seclabel;
}
virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index dfdae49..034bebf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
char *baselabel;/* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
+bool implicit; /* true if seclabel is auto-added */
};
--
1.7.12
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] conf: Avoid formatting auto-generated DAC labels
On Fri, Aug 31, 2012 at 01:40:41PM +0200, Jiri Denemark wrote:
From: Marcelo Cerri mhce...@linux.vnet.ibm.com
To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
src/conf/domain_conf.c | 15 +--
src/conf/domain_conf.h | 1 +
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5d2de72..49327df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf,
virSecurityLabelDefPtr def)
if (def-type == VIR_DOMAIN_SECLABEL_DEFAULT)
return;
+/* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+if (STREQ_NULLABLE(def-model, dac) def-implicit)
+return;
+
virBufferAsprintf(buf, seclabel type='%s',
sectype);
-if (def-model)
+if (def-model STRNEQ(def-model, none))
virBufferEscapeString(buf, model='%s', def-model);
if (def-type == VIR_DOMAIN_SECLABEL_NONE) {
@@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr
virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
{
int i;
+virSecurityLabelDefPtr seclabel = NULL;
if (def == NULL || model == NULL)
return NULL;
@@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def,
const char *model)
return def-seclabels[i];
}
-return virDomainDefAddSecurityLabelDef(def, model);
+seclabel = virDomainDefAddSecurityLabelDef(def, model);
+if (seclabel)
+seclabel-implicit = true;
+
+return seclabel;
}
virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index dfdae49..034bebf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
char *baselabel;/* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
+bool implicit; /* true if seclabel is auto-added */
};
Okay, ACK, the WIP version we both tested, I'm pushing it
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
