
Re: [libvirt] [PATCH 6/7] domain: Always validate seclabel model



On Wed, Jan 12, 2011 at 12:23:02PM -0500, Cole Robinson wrote:
> This will help facilitate disabling seclabel for an individual VM. One
> functional change is that the user can now hardcode type='dynamic', but
> there was no good reason to deny it anyways.
> 
> Signed-off-by: Cole Robinson <crobinso redhat com>
> ---
>  src/conf/domain_conf.c                             |   34 ++++++++++----------
>  src/security/security_apparmor.c                   |    6 ++--
>  src/security/security_selinux.c                    |    6 ++--
>  .../qemuxml2xml-seclabel-dynamic-out.xml           |    1 +
>  4 files changed, 24 insertions(+), 23 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 077a396..e5b89a2 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -4238,28 +4238,28 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
>          goto error;
>      }
>  
> +    p = virXPathStringLimit("string(./seclabel/@model)",
> +                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> +    if (p == NULL) {
> +        virDomainReportError(VIR_ERR_XML_ERROR,
> +                             "%s", _("missing security model"));
> +        goto error;
> +    }
> +
> +    def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
> +    if (def->seclabel.model < 0) {
> +        virDomainReportError(VIR_ERR_XML_ERROR,
> +                             _("unknown security model '%s'"), p);
> +        VIR_FREE(p);
> +        goto error;
> +    }
> +    VIR_FREE(p);
> +
>      /* Only parse details, if using static labels, or
>       * if the 'live' VM XML is requested
>       */
>      if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
>          !(flags & VIR_DOMAIN_XML_INACTIVE)) {
> -        p = virXPathStringLimit("string(./seclabel/@model)",
> -                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> -        if (p == NULL) {
> -            virDomainReportError(VIR_ERR_XML_ERROR,
> -                                 "%s", _("missing security model"));
> -            goto error;
> -        }
> -
> -        def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
> -        if (def->seclabel.model < 0) {
> -            virDomainReportError(VIR_ERR_XML_ERROR,
> -                                 _("unknown security model '%s'"), p);
> -            VIR_FREE(p);
> -            goto error;
> -        }
> -        VIR_FREE(p);
> -
>          p = virXPathStringLimit("string(./seclabel/label[1])",
>                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
>          if (p == NULL) {
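
Review bot: The unconditional `if (p == NULL)` check added ahead of the "Only parse details" comment makes a missing `model` attribute a "missing security model" error for every seclabel, including dynamic labels parsed with VIR_DOMAIN_XML_INACTIVE, which before this change never reached the lookup because it sat inside the `type == VIR_DOMAIN_SECLABEL_STATIC || !(flags & VIR_DOMAIN_XML_INACTIVE)` branch. Any definition with a dynamic seclabel and no model would now fail to parse, and the commit message does not mention that change. Consider accepting an absent attribute in the dynamic, inactive case and validating the string only when it is present, and add a test input for a dynamic seclabel without a model.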

This changes semantics. If the seclabel type is dynamic, then we
want to ignore any kind of 'model' at all, because the model should
automatically become whatever is the current active driver. This ensures
that if you change security drivers, then all dynamic VMs will
automatically use the new driver and not be stuck with the model
of the old driver.

Since we're not supporting per-VM disabled models, I don't think
we need this patch anyway.

Regards,
Daniel

