[libvirt] [PATCH 4/7] Re-add domain device seclabel parsing / formatting

Eric Blake eblake at redhat.com
Mon Jan 23 22:56:32 UTC 2012 

On 01/23/2012 03:38 PM, Eric Blake wrote:
> On 01/11/2012 09:33 AM, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" <berrange at redhat.com>
>>
>> This re-introduces parsing & formatting for per device seclabels.
>> There is a new virDomainDeviceSeclabelPtr struct and corresponding
>> APIs for parsing/formatting.
>> ---
>>  src/conf/domain_conf.c |  115 ++++++++++++++++++++++++++++++++++++++++++++++--
>>  src/conf/domain_conf.h |   12 +++++-
>>  2 files changed, 122 insertions(+), 5 deletions(-)
> 
> Complex enough that I agree with your decision to separate the revert
> from the new implementation, even if it means a potential for a failed
> 'git bisect'.

Alas, this still fails testing:

78) QEMU XML-2-XML seclabel-dynamic-override                          ...
Offset 574
Expect [/]
Actual [>
        </seclabel]

... FAILED

> Do we want to be saving this label if norelabel is true (that is, if the
> user passes:
> 
> <seclabel relabel='no'>
>   <label>...</label>
> </seclabel>
> 
> do we reject that as invalid, or silently ignore the useless <label>,
> instead of your behavior of accepting it)?
> 
>> @@ -9767,6 +9844,19 @@ cleanup:
>>  }
>>  
>>  
>> +static void
>> +virSecurityDeviceLabelDefFormat(virBufferPtr buf,
>> +                                virSecurityDeviceLabelDefPtr def)
>> +{
>> +    virBufferAsprintf(buf, "<seclabel relabel='%s'>\n",
>> +                      def->norelabel ? "no" : "yes");
>> +    if (def->label)
>> +        virBufferEscapeString(buf, "  <label>%s</label>\n",
>> +                              def->label);
>> +    virBufferAddLit(buf, "</seclabel>\n");
> 
> With norelabel, this would generate the odd-looking:
> 
> <seclabel relabel='no'>
> </seclabel>
> 
> How about instead doing:
> 
> virBufferAsprintf(buf, "<seclabel relabel='%s'",
>                   def->norelabel ? "no" : "yes");
> if (def->label) {
>     virBufferAddLit(buf, ">\n");
>     virBufferEscapeString(buf, "  <label>%s</label>\n",
>                           def->label);
>     virBufferAddLit(buf, "</seclabel>\n");
> } else {
>     virBufferAddLit(buf, "/>\n");
> }

In fact, that's necessary to get the test to pass again.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120123/54ca6e27/attachment-0001.sig>

More information about the libvir-list mailing list