[libvirt] [PATCH] conf: Fix parsing of seclabels without model
Marcelo Cerri
mhcerri at linux.vnet.ibm.com
Thu Aug 30 23:04:55 UTC 2012
On 08/30/2012 06:42 PM, Jiri Denemark wrote:
>
> But this seems wrong. The only case when model can be missing is when there
> is just one seclabel defined and either type is none or type is dynamic,
> baselabel is not defined and INACTIVE flags is set. This is the only case in
> which we need to guess what model was used and we should be able to just use
> the first secModel for that. That is the code is not incorrect but relaxes
> the requirements too much. We should require model to be present in all
> cases except for the one case needed for backward compatibility.
>
Ok, no problem. I'll provide a new version of this patch that is more
restricted when assigning a model and another patch suppressing seclabel
for DAC when it is not explicitly defined for a guest.
> Jirka
>
More information about the libvir-list
mailing list