From: Ján Tomko <jtomko@redhat.com>
Date: Fri, 16 May 2014 12:31:28 +0000 (+0200)
Subject: conf: fix seclabels for chardevs
X-Git-Tag: v1.2.5-rc1~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ac9b9ddff4740ab7f6c09cadcc588b9700ff4b6;p=thirdparty%2Flibvirt.git

conf: fix seclabels for chardevs

We allow a seclabel to be specified in the <source> element
of a chardev:

<serial type='file'>
  <source path='/tmp/serial.file'>
    <seclabel model='dac' relabel='no'/>
  </source>
</serial>

But we format it outside the source:

<serial type='file'>
  <source path='/tmp/serial.file'/>
  <target port='0'/>
    <seclabel model='dac' relabel='no'/>
</serial>

Move the formatting inside the source to fix this to make the
seclabel persistent across XML format->parse.

Introduced by commit f8b08d0 'Add <seclabel> to character devices.'
---

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 041a1136d7..b5a9a6691e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15862,11 +15862,19 @@ virDomainNetDefFormat(virBufferPtr buf,
  * output at " type='type'>". */
 static int
 virDomainChrSourceDefFormat(virBufferPtr buf,
+                            virDomainChrDefPtr chr_def,
                             virDomainChrSourceDefPtr def,
                             bool tty_compat,
                             unsigned int flags)
 {
     const char *type = virDomainChrTypeToString(def->type);
+    size_t nseclabels = 0;
+    virSecurityDeviceLabelDefPtr *seclabels = NULL;
+
+    if (chr_def) {
+        nseclabels = chr_def->nseclabels;
+        seclabels = chr_def->seclabels;
+    }
 
     if (!type) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -15898,8 +15906,9 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
         if (def->type != VIR_DOMAIN_CHR_TYPE_PTY ||
             (def->data.file.path &&
              !(flags & VIR_DOMAIN_XML_INACTIVE))) {
-            virBufferEscapeString(buf, "<source path='%s'/>\n",
+            virBufferEscapeString(buf, "<source path='%s'",
                                   def->data.file.path);
+            virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, flags);
         }
         break;
 
@@ -15957,7 +15966,7 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
         virBufferAsprintf(buf, "<source mode='%s'",
                           def->data.nix.listen ? "bind" : "connect");
         virBufferEscapeString(buf, " path='%s'", def->data.nix.path);
-        virBufferAddLit(buf, "/>\n");
+        virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, flags);
         break;
 
     case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
@@ -15979,7 +15988,6 @@ virDomainChrDefFormat(virBufferPtr buf,
     const char *targetType = virDomainChrTargetTypeToString(def->deviceType,
                                                             def->targetType);
     bool tty_compat;
-    size_t n;
 
     int ret = 0;
 
@@ -15997,7 +16005,7 @@ virDomainChrDefFormat(virBufferPtr buf,
                   def->source.type == VIR_DOMAIN_CHR_TYPE_PTY &&
                   !(flags & VIR_DOMAIN_XML_INACTIVE) &&
                   def->source.data.file.path);
-    if (virDomainChrSourceDefFormat(buf, &def->source, tty_compat, flags) < 0)
+    if (virDomainChrSourceDefFormat(buf, def, &def->source, tty_compat, flags) < 0)
         return -1;
 
     /* Format <target> block */
@@ -16069,14 +16077,6 @@ virDomainChrDefFormat(virBufferPtr buf,
             return -1;
     }
 
-    /* Security label overrides, if any. */
-    if (def->seclabels && def->nseclabels > 0) {
-        virBufferAdjustIndent(buf, 2);
-        for (n = 0; n < def->nseclabels; n++)
-            virSecurityDeviceLabelDefFormat(buf, def->seclabels[n], flags);
-        virBufferAdjustIndent(buf, -2);
-    }
-
     virBufferAdjustIndent(buf, -2);
     virBufferAsprintf(buf, "</%s>\n", elementName);
 
@@ -16119,7 +16119,7 @@ virDomainSmartcardDefFormat(virBufferPtr buf,
         break;
 
     case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
-        if (virDomainChrSourceDefFormat(buf, &def->data.passthru, false,
+        if (virDomainChrSourceDefFormat(buf, NULL, &def->data.passthru, false,
                                         flags) < 0)
             return -1;
         break;
@@ -16384,7 +16384,7 @@ virDomainRNGDefFormat(virBufferPtr buf,
 
     case VIR_DOMAIN_RNG_BACKEND_EGD:
         virBufferAdjustIndent(buf, 2);
-        if (virDomainChrSourceDefFormat(buf, def->source.chardev,
+        if (virDomainChrSourceDefFormat(buf, NULL, def->source.chardev,
                                         false, flags) < 0)
             return -1;
         virBufferAdjustIndent(buf, -2);
@@ -16976,7 +16976,7 @@ virDomainRedirdevDefFormat(virBufferPtr buf,
 
     virBufferAsprintf(buf, "<redirdev bus='%s'", bus);
     virBufferAdjustIndent(buf, 2);
-    if (virDomainChrSourceDefFormat(buf, &def->source.chr, false, flags) < 0)
+    if (virDomainChrSourceDefFormat(buf, NULL, &def->source.chr, false, flags) < 0)
         return -1;
     if (virDomainDeviceInfoFormat(buf, &def->info,
                                   flags | VIR_DOMAIN_XML_INTERNAL_ALLOW_BOOT) < 0)
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-chardev-label.xml b/tests/qemuxml2argvdata/qemuxml2argv-chardev-label.xml
new file mode 100644
index 0000000000..9bd4be2ce9
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-chardev-label.xml
@@ -0,0 +1,45 @@
+<domain type='qemu'>
+  <name>machine</name>
+  <uuid>2187c512-ff97-47d7-b67c-c02d3bdc219d</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <serial type='file'>
+      <source path='/tmp/serial.file'>
+        <seclabel model='dac' relabel='no'/>
+      </source>
+      <target port='0'/>
+    </serial>
+    <serial type='unix'>
+      <source mode='connect' path='/tmp/serial.sock'>
+        <seclabel model='dac' relabel='no'/>
+      </source>
+      <target port='1'/>
+    </serial>
+    <console type='file'>
+      <source path='/tmp/serial.file'>
+        <seclabel model='dac' relabel='no'/>
+      </source>
+      <target type='serial' port='0'/>
+    </console>
+    <memballoon model='virtio'/>
+    <rng model='virtio'>
+      <backend model='egd' type='pipe'>
+        <source path='/dev/null'/>
+      </backend>
+    </rng>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 3ea03e645d..da528dadf0 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -362,6 +362,8 @@ mymain(void)
 
     DO_TEST_DIFFERENT("disk-backing-chains");
 
+    DO_TEST("chardev-label");
+
     virObjectUnref(driver.caps);
     virObjectUnref(driver.xmlopt);