[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH fix] Per-guest configurable user/group for QEMU processes



Hi,

This patch contains some small fixes to my last set of patch.

Please, can you review it and provide me some feed back?

Best regards,
Marcelo Cerri

---
 src/conf/domain_conf.c        |    8 +++-----
 src/qemu/qemu_driver.c        |    6 +++---
 src/security/security_dac.c   |    4 ++--
 src/security/security_stack.c |    4 +++-
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 91ffb6f..2e186ce 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3165,7 +3165,6 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
         def->baselabel = p;
     }
 
-    /* TODO: check */
     /* Always parse model */
     p = virXPathStringLimit("string(./@model)",
                             VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
@@ -3261,8 +3260,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
         /* get model associated to this override */
         model = virXMLPropString(list[i], "model");
         if (model == NULL) {
-            // TODO primary ?
-            // vmDef = ?
+            virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+                _("invalid security model"));
+            goto error;
         } else {
             /* find the security label that it's being overrided */
             for (j = 0; j < nvmSeclabels; j++) {
@@ -10924,8 +10924,6 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
     virBufferAsprintf(buf, " relabel='%s'",
                       def->norelabel ? "no" : "yes");
 
-VIR_DEBUG("FMT %s: %s %s %s", def->model, def->label, def->imagelabel, def->baselabel); // TODO remove
-
     if (def->label || def->imagelabel || def->baselabel) {
         virBufferAddLit(buf, ">\n");
 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 39d9eee..7067f4b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -241,7 +241,7 @@ qemuSecurityInit(struct qemud_driver *driver)
         names = driver->additionalSecurityDriverNames;
         while (names && *names) {
             if (STREQ("dac", *names)) {
-                /* A DAC driver has specic parameters */
+                /* A DAC driver has specific parameters */
                 nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
                                                   driver->user,
                                                   driver->group,
@@ -274,7 +274,7 @@ qemuSecurityInit(struct qemud_driver *driver)
             }
             names++;
         }
-        /* If there isn't a DAC driver, create a new one and add it to the stack
+        /* If there is no DAC driver, create a new one and add it to the stack
          * manager */
         if (names == NULL || *names == NULL) {
             nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
@@ -334,7 +334,7 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
         goto err_exit;
     }
 
-    /* access sec drivers and create a sec model to each one */
+    /* access sec drivers and create a sec model for each one */
     sec_managers = virSecurityManagerGetNested(driver->securityManager);
     if (sec_managers == NULL) {
         goto err_exit;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0badafb..ae9ddfc 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -110,7 +110,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
     if (seclabel->label && parseIds(seclabel->label, &uid, &gid)) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("failed to parse uid and gid for DAC "
-                                 "securit driver"));
+                                 "security driver"));
         return -1;
     }
 
@@ -161,7 +161,7 @@ int virSecurityDACParseImageIds(virDomainDefPtr def,
         && parseIds(seclabel->imagelabel, &uid, &gid)) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("failed to parse uid and gid for DAC "
-                                 "securit driver"));
+                                 "security driver"));
         return -1;
     }
 
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index dd0aebc..4cf58f8 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -138,8 +138,10 @@ virSecurityStackVerify(virSecurityManagerPtr mgr,
     int rc = 0;
 
     for(; item; item = item->next) {
-        if (virSecurityManagerVerify(item->securityManager, def) < 0)
+        if (virSecurityManagerVerify(item->securityManager, def) < 0) {
             rc = -1;
+            break;
+        }
     }
 
     return rc;
-- 
1.7.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]