[libvirt] [PATCH] fix parsing security labels from virt-aa-helper

Christian Ehrhardt christian.ehrhardt at canonical.com
Mon Nov 21 14:09:28 UTC 2016


On Mon, Nov 21, 2016 at 9:03 AM, Guido Günther <agx at sigxcpu.org> wrote:

> This should be shortened and clarified (see the other part of the
> thread). IMHO the root cause is that we parse the active domain XML but
> the live part of the seclabel is not filled in yet.
>

Ok, reasonable to keep the actual commit slimmed down after the discussion
is done.
Will be shortened on the next revision.
I have also rewritten the steps to reproduce to be more straightforward.
Let me know if you would like those also out of the commit message's scope.

[...]

> +    VIR_DOMAIN_DEF_PARSE_SKIP_ACTIVE_LABEL        = 1 << 11,
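
Review bot: the added enumerator VIR_DOMAIN_DEF_PARSE_SKIP_ACTIVE_LABEL carries no comment on the quoted line, and the name alone does not say which part of the seclabel "active" covers; a one-line comment above it stating what is skipped, and for which caller, would fix that. Only this line of the hunk is quoted here, so it is also worth confirming that 1 << 11 is not already taken by a neighbouring flag in the same enum.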

>
> /* skip parsing of seclabel */
> VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL        = 1 << 11,
>
> is IMHO shorter and I would then change the code to skip the whole
> seclabel parsing since it's of no need for virt-aa-helper.
>

I agree that this shorter naming is better.
Will do so on the next revision I submit later today.


> Another possibility is to not introduce a new flag but filter out
> seclabels in virt-aa-helper before parsing the XML without cluttering
> domain_conf.c even more for this special case.
>

I liked the idea but failed to implement it this way - I guess due to my
lack of experience with libxml (or virXML) functions.
A version that felt "almost there", based on an XPath, can be found
here: http://paste.ubuntu.com/23511691/
Most of the complexity is the back and forth of conversion to get it back
into the string and not the actual stripping.
If it really is close, feedback is welcome - currently it just doesn't
strip anything, while the same XPath string does work as intended in xmllint.