[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] format: suppress auto-generated DAC labels



To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.

Signed-off-by: Marcelo Cerri <mhcerri linux vnet ibm com>
---
 src/conf/domain_conf.c | 13 ++++++++++++-
 src/conf/domain_conf.h |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 42c3900..516821f 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11231,6 +11231,12 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
     if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
         return;
 
+    /* To avoid backward compatibility issues, suppress DAC labels that are
+     * automatically generated.
+     */
+    if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+        return;
+
     virBufferAsprintf(buf, "<seclabel type='%s'",
                       sectype);
 
@@ -14982,6 +14988,7 @@ virSecurityLabelDefPtr
 virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
 {
     int i;
+    virSecurityLabelDefPtr seclabel = NULL;
 
     if (def == NULL || model == NULL)
         return NULL;
@@ -14993,7 +15000,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
             return def->seclabels[i];
     }
 
-    return virDomainDefAddSecurityLabelDef(def, model);
+    seclabel = virDomainDefAddSecurityLabelDef(def, model);
+    if (seclabel)
+        seclabel->implicit = true;
+
+    return seclabel;
 }
 
 virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 9ee57e1..3791e50 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
     char *baselabel;    /* base name of label string */
     int type;           /* virDomainSeclabelType */
     bool norelabel;
+    bool implicit;      /* true if seclabel is auto-added */
 };
 
 
-- 
1.7.12


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]