[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v2 2/5] multiple security drivers in XML data



On Tue, Jul 17, 2012 at 10:28:35PM -0300, Marcelo Cerri wrote:
>  
> -    /* Only parse model, if static labelling, or a base
> -     * label is set, or doing active XML
> -     */
> -    if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
> -        def->baselabel ||
> -        (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
> -         def->type != VIR_DOMAIN_SECLABEL_NONE)) {
> -        p = virXPathStringLimit("string(./seclabel[1]/@model)",
> -                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> -        if (p == NULL) {
> -            virDomainReportError(VIR_ERR_XML_ERROR,
> -                                 "%s", _("missing security model"));
> -            goto error;
> -        }
> -        def->model = p;
> +    /* Always parse model */
> +    p = virXPathStringLimit("string(./@model)",
> +                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> +    if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
> +        virDomainReportError(VIR_ERR_XML_ERROR,
> +                             "%s", _("missing security model"));
> +        goto error;
>      }
> +    def->model = p;

This change is going to cause backwards compatibility problems. Existing
apps using libvirt may not be providing any 'model', and we *must*
continue to support that.

So we should only be reporting an error on missing @model, in the
smae scenarios we did previously, or if there is >1  <secmodel> set
in the XML.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]