[libvirt] [PATCH] virSecurityLabelDefParseXML: Don't parse label on model='none'
Michal Privoznik
mprivozn at redhat.com
Mon Nov 11 16:02:28 UTC 2013
On 11.11.2013 14:21, Daniel P. Berrange wrote:
> On Mon, Nov 11, 2013 at 10:49:44AM +0100, Michal Privoznik wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1027096
>>
>> If there's the following snippet in the domain XML, the domain will be
>> lost upon the daemon restart (if the domain is started prior to restart):
>>
>> <seclabel type='dynamic' relabel='yes'/>
>>
>> The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
>> whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
>> static. The latter is not our case, obviously. So, when libvirtd starts
>> up, it finds the domain state XML and parses it. During parsing, many XML
>> flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
>> to extract 'label', 'imagelabel' and 'baselabel' from the XML which
>> fails for model='none'. Err, this model - even though not specified in
>> XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.
>>
>> However, in order to know we are dealing with model='none' the code in
>> question must be moved forward a bit. Then a new check must be
>> introduced. This is what the first two chunks are doing.
>>
>> But this alone is not sufficient. The domain state XML won't contain the
>> model attribute without slight modification. The model should be
>> inserted into the XML even if equal to 'none' and the state XML is being
>> generated - what if the origin (the @security_driver variable in
>> qemu.conf) changes during libvirtd restarts?
>>
>> At the end, a test to catch this scenario is introduced.
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>> src/conf/domain_conf.c | 26 +++++++++++++-------
>> .../qemuxml2argv-seclabel-dynamic-relabel.args | 6 +++++
>> .../qemuxml2argv-seclabel-dynamic-relabel.xml | 28 ++++++++++++++++++++++
>> tests/qemuxml2argvtest.c | 1 +
>> tests/qemuxml2xmltest.c | 1 +
>> 5 files changed, 54 insertions(+), 8 deletions(-)
>> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.args
>> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-relabel.xml
>
> ACK
>
> Daniel
>
Thanks, pushed. BTW: this deserved to be backported to maint branches.
While trying to bisect this (I recalled some work in this area which I
suspected to cause regression) I couldn't find a single release that
would just work.
Michal
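
Added example, not part of this thread and not libvirt's code: a simplified Python model of the restart failure and fix described in the commit message above. The function names, the `fixed` switch, the numeric value of `INACTIVE` and the error text are assumptions made for illustration; only the parse condition and the model='none' handling are taken from the message.

```python
import xml.etree.ElementTree as ET

INACTIVE = 1  # stand-in for VIR_DOMAIN_XML_INACTIVE (value is an assumption)


class SecLabelParseError(Exception):
    pass


def format_seclabel(model, sectype, relabel, flags, fixed):
    """Emit <seclabel> for config XML (INACTIVE set) or state XML (not set)."""
    attrs = {"type": sectype, "relabel": relabel}
    if model != "none":
        attrs["model"] = model
    elif fixed and not (flags & INACTIVE):
        # Fix: state XML records model='none' explicitly, so a later change
        # of security_driver in qemu.conf cannot alter how it is re-read.
        attrs["model"] = "none"
    return ET.tostring(ET.Element("seclabel", attrs), encoding="unicode")


def parse_seclabel(xml, flags, fixed):
    """Parse <seclabel>; raise when a label that must be present is absent."""
    node = ET.fromstring(xml)
    sectype = node.get("type", "dynamic")
    model = node.get("model")
    if fixed and model == "none":
        # Fix: the model is known before labels are read; 'none' has none.
        return {"model": model, "type": sectype, "label": None}
    label = None
    # Condition from the commit message: labels are parsed whenever
    # INACTIVE is *not* set, or the label type is static.
    if not (flags & INACTIVE) or sectype == "static":
        label = node.findtext("label")
        if label is None:
            raise SecLabelParseError("no <label> in <seclabel>")  # constructed text
    return {"model": model, "type": sectype, "label": label}


def survives_restart(fixed):
    """Running domain under model 'none': write state XML, then reload it."""
    state_xml = format_seclabel("none", "dynamic", "yes", flags=0, fixed=fixed)
    try:
        parse_seclabel(state_xml, flags=0, fixed=fixed)
        return True
    except SecLabelParseError:
        return False  # the daemon would drop the domain here
```
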