[libvirt] [PATCH 5/8] Support seclabels for volume type disk

Osier Yang jyang at redhat.com
Thu Apr 4 19:37:59 UTC 2013


"seclabels" is only valid for storage volumes of type 'file' or 'block'.
---
 docs/formatdomain.html.in                            |  6 ++++--
 docs/schemas/domaincommon.rng                        |  3 +++
 src/conf/domain_conf.c                               | 20 ++++++++++++++------
 .../qemuxml2argv-disk-source-pool.xml                |  6 +++++-
 4 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index ce185a9..44e7f28 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1439,11 +1439,13 @@
         path to the file holding the disk. If the disk
         <code>type</code> is "block", then the <code>dev</code>
         attribute specifies the path to the host device to serve as
-        the disk. With both "file" and "block", one or more optional
+        the disk. With "file", "block", and "volume", one or more optional
         sub-elements <code>seclabel</code>, <a href="#seclabel">described
         below</a> (and <span class="since">since 0.9.9</span>), can be
         used to override the domain security labeling policy for just
-        that source file.  If the disk <code>type</code> is "dir", then the
+        that source file. (NB, for "volume" type disk, <code>seclable</code>
+        is only valid when the specified storage volume is of 'file' or
+        'block' type).  If the disk <code>type</code> is "dir", then the
         <code>dir</code> attribute specifies the fully-qualified path
         to the directory to use as the disk. If the disk <code>type</code>
         is "network", then the <code>protocol</code> attribute specifies
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4e7e712..80749e1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1106,6 +1106,9 @@
                 <optional>
                   <ref name="startupPolicy"/>
                 </optional>
+                <optional>
+                  <ref name='devSeclabel'/>
+                </optional>
               </element>
             </optional>
             <ref name="diskspec"/>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c1d2cbb..7f5e727 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12888,16 +12888,24 @@ virDomainDiskSourceDefFormat(virBufferPtr buf,
             }
             break;
         case VIR_DOMAIN_DISK_TYPE_VOLUME:
-            /* Parsing guarantees the def->srcpool->volume cannot be NULL
-             * if def->srcpool->pool is not NULL.
-             */
+            virBufferAddLit(buf, "      <source");
+
             if (def->srcpool)
-                virBufferAsprintf(buf, "      <source pool='%s' volume='%s'",
+                virBufferAsprintf(buf, " pool='%s' volume='%s'",
                                   def->srcpool->pool, def->srcpool->volume);
             if (def->startupPolicy)
-                virBufferEscapeString(buf, " startupPolicy='%s'/>\n", startupPolicy);
-            else
+                virBufferEscapeString(buf, " startupPolicy='%s'", startupPolicy);
+
+            if (def->nseclabels) {
+                virBufferAddLit(buf, ">\n");
+                virBufferAdjustIndent(buf, 8);
+                for (n = 0; n < def->nseclabels; n++)
+                    virSecurityDeviceLabelDefFormat(buf, def->seclabels[n]);
+                virBufferAdjustIndent(buf, -8);
+                virBufferAddLit(buf, "      </source>\n");
+            } else {
                 virBufferAddLit(buf, "/>\n");
+            }
             break;
         default:
             virReportError(VIR_ERR_INTERNAL_ERROR,
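Review bot: The pool and volume names in the `VIR_DOMAIN_DISK_TYPE_VOLUME` case are still written into the `<source>` attributes through `virBufferAsprintf` with a bare `%s`, so a name containing a quote or `<` would yield malformed or altered domain XML, whereas `startupPolicy` just below goes through the escaping helper. Since the line is being rewritten anyway, I would format each attribute with the escaping call, braced under `if (def->srcpool)`: `virBufferEscapeString(buf, " pool='%s'", def->srcpool->pool);` and `virBufferEscapeString(buf, " volume='%s'", def->srcpool->volume);`. The patch also drops the comment recording that parsing guarantees `volume` is set whenever `pool` is; a one-line `/* parsing guarantees volume is set whenever pool is */` would keep that invariant visible. The enclosing virDomainDiskSourceDefFormat starts and ends outside this hunk, so any earlier validation of these names cannot be seen from here.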
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
index a218e78..acf9753 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
@@ -15,7 +15,11 @@
   <devices>
     <emulator>/usr/bin/qemu</emulator>
     <disk type='volume' device='cdrom'>
-      <source pool='blk-pool0' volume='blk-pool0-vol0' startupPolicy='optional'/>
+      <source pool='blk-pool0' volume='blk-pool0-vol0' startupPolicy='optional'>
+        <seclabel model='selinux' relabel='yes'>
+          <label>system_u:system_r:public_content_t:s0</label>
+        </seclabel>
+      </source>
       <target dev='hda' bus='ide'/>
       <readonly/>
       <address type='drive' controller='0' bus='0' target='0' unit='1'/>
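Review bot: This fixture covers only the accepted case, a single `<seclabel>` on a volume from `blk-pool0`, so nothing visible in the patch exercises the restriction stated in the commit message that seclabels are valid only for 'file' or 'block' volumes. The formatter hunk in src/conf/domain_conf.c emits every entry of `def->seclabels` without looking at the volume type, and the diffstat shows no other change to that file, so the check presumably lives elsewhere in the series. Because a per-disk seclabel with `relabel='yes'` overrides the domain labelling policy for that source, a negative test using a volume of another type (expected to be rejected) would pin that behaviour down. A second fixture with more than one `<seclabel>` would also confirm that the new `<optional>` schema entry accepts what the documentation describes as "one or more" sub-elements.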
-- 
1.8.1.4



