[libvirt] [PATCH] virSecurityLabelDefParseXML: Don't parse label on model='none'

Daniel P. Berrange berrange at redhat.com
Mon Nov 11 13:21:38 UTC 2013


On Mon, Nov 11, 2013 at 10:49:44AM +0100, Michal Privoznik wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1027096
> 
> If there's the following snippet in the domain XML, the domain will be
> lost upon the daemon restart (if the domain is started prior to the restart):
> 
>     <seclabel type='dynamic' relabel='yes'/>
> 
> The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
> whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
> static. The latter is not our case, obviously. So, when libvirtd starts
> up, it finds the domain state XML and parses it. During parsing, many XML
> flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
> to extract 'label', 'imagelabel' and 'baselabel' from the XML which
> fails for model='none'. Err, this model - even though not specified in
> XML - can be taken from the qemu-wide config file: /etc/libvirtd/qemu.conf.
> 
> However, in order to know we are dealing with model='none' the code in
> question must be moved forward a bit. Then a new check must be
> introduced. This is what the first two chunks are doing.
> 
> But this alone is not sufficient. The domain state XML won't contain the
> model attribute without slight modification. The model should be
> inserted into the XML even if equal to 'none' and the state XML is being
> generated - what if the origin (the @security_driver variable in
> qemu.conf) changes during libvirtd restarts?
> 
> At the end, a test to catch this scenario is introduced.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/conf/domain_conf.c                             | 26 +++++++++++++-------
>  .../qemuxml2argv-seclabel-dynamic-relabel.args     |  6 +++++
>  .../qemuxml2argv-seclabel-dynamic-relabel.xml      | 28 ++++++++++++++++++++++
>  tests/qemuxml2argvtest.c                           |  1 +
>  tests/qemuxml2xmltest.c                            |  1 +
>  5 files changed, 54 insertions(+), 8 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.xml

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
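
The failure and fix described in the quoted commit message, as an added example that is not part of the original mail and is not libvirt source code. It is a simplified model: the struct, function names and the `XML_INACTIVE` constant are hypothetical stand-ins, and the formatter is assumed to omit `model='none'` from inactive XML.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the decision described in the commit message.
 * All names are hypothetical; this is not libvirt source code. */
#define XML_INACTIVE 1u            /* stands in for VIR_DOMAIN_XML_INACTIVE */
enum label_type { LABEL_DYNAMIC, LABEL_STATIC };

struct seclabel {                  /* what the parser found in <seclabel> */
    enum label_type type;
    const char *model;             /* NULL when the attribute is absent */
    const char *label;             /* NULL when <label> is absent */
};

/* Before the fix: <label> is required whenever the INACTIVE flag is
 * absent or the label is static, regardless of the model. */
static int parse_before(const struct seclabel *in, unsigned flags)
{
    if (!(flags & XML_INACTIVE) || in->type == LABEL_STATIC)
        return in->label ? 0 : -1;
    return 0;
}

/* After the fix: the model is looked at first, and model 'none'
 * skips label parsing altogether. */
static int parse_after(const struct seclabel *in, unsigned flags)
{
    if (in->model && strcmp(in->model, "none") == 0)
        return 0;
    return parse_before(in, flags);
}

/* Formatter side: state XML (INACTIVE flag absent) carries the model even
 * when it is 'none'; assumed to stay omitted from inactive XML. */
static int emits_model(const char *model, unsigned flags)
{
    return model && (strcmp(model, "none") != 0 || !(flags & XML_INACTIVE));
}

int main(void)
{
    /* Constructed input: <seclabel type='dynamic' model='none' relabel='yes'/> */
    struct seclabel st = { LABEL_DYNAMIC, "none", NULL };
    printf("before: %d  after: %d  model in state XML: %d\n",
           parse_before(&st, 0), parse_after(&st, 0), emits_model("none", 0));
    return 0;
}
```

In this model the parser change alone still rejects state XML that lacks the model attribute, which is why the commit message pairs it with the formatter change.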
