[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 1/2] seclabel: Do not output relabel attribute for type 'none'



Security label type 'none' requires relabel to be set to 'no' so there's
no reason to output this extra attribute.  Moreover, since relabel is
internally stored in a negative from (norelabel), the default value for
relabel would be 'yes' in case there is no <seclabel> element in domain
configuration.  In case VIR_DOMAIN_SECLABEL_DEFAULT turns into
VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for
seclabel type 'none'.
---
 src/conf/domain_conf.c                             |    9 +++++----
 .../qemuxml2argv-seclabel-none.xml                 |    2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6949ece..81836e5 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9948,16 +9948,17 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
 
     virBufferAsprintf(buf, "<seclabel type='%s'",
                       sectype);
-    virBufferEscapeString(buf, " model='%s'", def->model);
-
-    virBufferAsprintf(buf, " relabel='%s'",
-                      def->norelabel ? "no" : "yes");
 
     if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
         virBufferAddLit(buf, "/>\n");
         return;
     }
 
+    virBufferEscapeString(buf, " model='%s'", def->model);
+
+    virBufferAsprintf(buf, " relabel='%s'",
+                      def->norelabel ? "no" : "yes");
+
     if (def->label || def->imagelabel || def->baselabel) {
         virBufferAddLit(buf, ">\n");
 
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
index 1ef97ce..9def692 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml
@@ -22,5 +22,5 @@
     <controller type='ide' index='0'/>
     <memballoon model='virtio'/>
   </devices>
-  <seclabel type='none' relabel='no'/>
+  <seclabel type='none'/>
 </domain>
-- 
1.7.8.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]