[libvirt] [PATCH 2/3] Allow for resource relabelling with static labels
Eric Blake
eblake at redhat.com
Mon Jun 27 16:15:10 UTC 2011
On 06/27/2011 06:20 AM, Daniel P. Berrange wrote:
> Add a new attribute to the <seclabel> XML to allow resource
> relabelling to be enabled with static label usage.
>
> <seclabel model='selinux' type='static' relabel='yes'>
> <label>system_u:system_r:svirt_t:s0:c392,c662</label>
> </seclabel>
>
> * docs/schemas/domain.rng: Add relabel attribute
Missing docs/formatdomain.html.in counterpart.
> +++ b/src/conf/domain_conf.c
> @@ -5072,6 +5072,30 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
> "%s", _("invalid security type"));
> goto error;
> }
> + p = virXPathStringLimit("string(./seclabel/@relabel)",
> + VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> + if (p != NULL) {
> + if (STREQ(p, "yes")) {
> + def->seclabel.relabel = true;
> + } else if (STREQ(p, "no")) {
> + def->seclabel.relabel = false;
> + } else {
> + virDomainReportError(VIR_ERR_XML_ERROR,
> + _("invalid security relabel value %s"), p);
> + goto error;
> + }
> + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
> + !def->seclabel.relabel) {
> + virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + "%s", _("dynamic label type must use resource relabelling"));
s/relabelling/relabeling/ since user-visible messages should prefer US
spelling (double-l is UK spelling). A proper en_UK locale .po file
would then get the UK spelling (do we have one of those?).
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110627/46fae69e/attachment-0001.sig>
More information about the libvir-list
mailing list