[libvirt] [PATCH 1/2] Fix seclabels parsing

Jiri Denemark jdenemar at redhat.com
Fri Aug 31 07:49:41 UTC 2012


---
 src/conf/domain_conf.c | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3819ed9..1394297 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3161,27 +3161,36 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
      * defined in host's capabilities is used as model for the seclabel.
      */
     if (def->nseclabels == 1 &&
-        def->seclabels[0]->model == NULL &&
-        def->seclabels[0]->type != VIR_DOMAIN_SECLABEL_STATIC &&
-        def->seclabels[0]->baselabel == NULL &&
-        (flags & VIR_DOMAIN_XML_INACTIVE) &&
+        !def->seclabels[0]->model &&
         host->nsecModels > 0) {
-
-        /* Copy model from host. */
-        def->seclabels[0]->model = strdup(host->secModels[0].model);
-        if (def->seclabels[0]->model == NULL) {
-            virReportOOMError();
+        if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
+            (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+             !def->seclabels[0]->baselabel &&
+             (flags & VIR_DOMAIN_XML_INACTIVE))) {
+            /* Copy model from host. */
+            VIR_DEBUG("Found seclabel without a model, using '%s'",
+                      host->secModels[0].model);
+            def->seclabels[0]->model = strdup(host->secModels[0].model);
+            if (!def->seclabels[0]->model) {
+                virReportOOMError();
+                goto error;
+            }
+        } else {
+            virReportError(VIR_ERR_XML_ERROR, "%s",
+                           _("missing security model in domain seclabel"));
             goto error;
         }
     }
 
     /* Checking missing model information */
-    for(; n; n--) {
-        if (def->seclabels[n - 1]->model == NULL) {
-            virReportError(VIR_ERR_XML_ERROR, "%s",
-                                 _("missing security model "
-                                   "when using multiple labels"));
-            goto error;
+    if (def->nseclabels > 1) {
+        for(; n; n--) {
+            if (def->seclabels[n - 1]->model == NULL) {
+                virReportError(VIR_ERR_XML_ERROR, "%s",
+                               _("missing security model "
+                                 "when using multiple labels"));
+                goto error;
+            }
         }
     }
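Review bot: A lone seclabel with no model is now validated only when `host->nsecModels > 0`, because the first block is skipped otherwise and the later loop is newly guarded by `if (def->nseclabels > 1)`. A single static label (or a dynamic one with a baselabel) that lacks a model is therefore rejected with "missing security model in domain seclabel" on a host that reports a security model, but accepted with `model == NULL` on a host that reports none. If that asymmetry is intended, document it next to the guard, e.g. `/* No host security model: a single seclabel may keep model == NULL; consumers must tolerate that. */`; if it is not, the type check should not depend on `host->nsecModels > 0`. Whether later code reads `model` without a NULL check cannot be seen here, since virSecurityLabelDefsParseXML starts and ends outside the hunk.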
 
-- 
1.7.12



