[libvirt] [PATCH 3/3] conf: Disallow <seclabel type='none' relabel='yes'/>
Michal Privoznik
mprivozn at redhat.com
Wed Jul 9 12:58:32 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1113860
The combination of type='none' and relabel='yes' makes no sense as
'none' type basically means relabel='no'.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
src/conf/domain_conf.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f75c0cb..4215565 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4614,8 +4614,14 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
/* For the model 'none' none of the following labels is going to be
* present. Hence, return now. */
- if (STREQ_NULLABLE(def->model, "none"))
+ if (STREQ_NULLABLE(def->model, "none")) {
+ if (def->relabel) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("model 'none' does not allow relabeling"));
+ goto error;
+ }
return def;
+ }
/* Only parse label, if using static labels, or
* if the 'live' VM XML is requested
--
1.8.5.5
More information about the libvir-list
mailing list