git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Michal Privoznik <mprivozn@redhat.com>
	Thu, 25 May 2023 13:43:56 +0000 (15:43 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Thu, 1 Jun 2023 11:53:09 +0000 (13:53 +0200)
commit	a36318be9d6fec1be3bd2bafefff0849e6b9e13a
tree	1890e565545d7e90abec7dad05079a82776ce8c1	tree
parent	68545ed21b8dcc0e17f98528b30a0465acdf2fe5	commit \| diff

conf: Reject invalid device's <seclabel relabel='yes'/> with no <label/>

We allow (some) domain devices to have a different <seclabel/>
than the top level domain one (this is mostly to allow access to
a resource for multiple domains). Now, we do couple of sanity
checks for such <seclabel/>, e.g. when the <label/> is specified,
but '@relabel' is set to no. But what we are missing is the
opposite: when '@relabel' is set, but no <label/> was provided.

Our schema already denies such combination. Make our parser
behave the same.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2160356
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

src/conf/domain_conf.c		diff \| blob \| blame \| history
tests/qemuxml2argvdata/seclabel-device-relabel-invalid.err	[new file with mode: 0644]	blob
tests/qemuxml2argvdata/seclabel-device-relabel-invalid.xml	[new file with mode: 0644]	blob
tests/qemuxml2argvtest.c		diff \| blob \| blame \| history