[libvirt] [PATCH fix] Per-guest configurable user/group for QEMU processes
Marcelo Cerri
mhcerri at linux.vnet.ibm.com
Fri Jun 1 18:37:15 UTC 2012
Hi,
This patch contains some small fixes to my last set of patch.
Please, can you review it and provide me some feed back?
Best regards,
Marcelo Cerri
---
src/conf/domain_conf.c | 8 +++-----
src/qemu/qemu_driver.c | 6 +++---
src/security/security_dac.c | 4 ++--
src/security/security_stack.c | 4 +++-
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 91ffb6f..2e186ce 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3165,7 +3165,6 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
def->baselabel = p;
}
- /* TODO: check */
/* Always parse model */
p = virXPathStringLimit("string(./@model)",
VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
@@ -3261,8 +3260,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
/* get model associated to this override */
model = virXMLPropString(list[i], "model");
if (model == NULL) {
- // TODO primary ?
- // vmDef = ?
+ virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+ _("invalid security model"));
+ goto error;
} else {
/* find the security label that it's being overrided */
for (j = 0; j < nvmSeclabels; j++) {
@@ -10924,8 +10924,6 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
virBufferAsprintf(buf, " relabel='%s'",
def->norelabel ? "no" : "yes");
-VIR_DEBUG("FMT %s: %s %s %s", def->model, def->label, def->imagelabel, def->baselabel); // TODO remove
-
if (def->label || def->imagelabel || def->baselabel) {
virBufferAddLit(buf, ">\n");
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 39d9eee..7067f4b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -241,7 +241,7 @@ qemuSecurityInit(struct qemud_driver *driver)
names = driver->additionalSecurityDriverNames;
while (names && *names) {
if (STREQ("dac", *names)) {
- /* A DAC driver has specic parameters */
+ /* A DAC driver has specific parameters */
nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
driver->user,
driver->group,
@@ -274,7 +274,7 @@ qemuSecurityInit(struct qemud_driver *driver)
}
names++;
}
- /* If there isn't a DAC driver, create a new one and add it to the stack
+ /* If there is no DAC driver, create a new one and add it to the stack
* manager */
if (names == NULL || *names == NULL) {
nested = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
@@ -334,7 +334,7 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
goto err_exit;
}
- /* access sec drivers and create a sec model to each one */
+ /* access sec drivers and create a sec model for each one */
sec_managers = virSecurityManagerGetNested(driver->securityManager);
if (sec_managers == NULL) {
goto err_exit;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0badafb..ae9ddfc 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -110,7 +110,7 @@ int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
if (seclabel->label && parseIds(seclabel->label, &uid, &gid)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to parse uid and gid for DAC "
- "securit driver"));
+ "security driver"));
return -1;
}
@@ -161,7 +161,7 @@ int virSecurityDACParseImageIds(virDomainDefPtr def,
&& parseIds(seclabel->imagelabel, &uid, &gid)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to parse uid and gid for DAC "
- "securit driver"));
+ "security driver"));
return -1;
}
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index dd0aebc..4cf58f8 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -138,8 +138,10 @@ virSecurityStackVerify(virSecurityManagerPtr mgr,
int rc = 0;
for(; item; item = item->next) {
- if (virSecurityManagerVerify(item->securityManager, def) < 0)
+ if (virSecurityManagerVerify(item->securityManager, def) < 0) {
rc = -1;
+ break;
+ }
}
return rc;
--
1.7.1
More information about the libvir-list
mailing list