docs: schemas: Add 'seclabel' for external disk snapshot

Allow using seclabels the same way as disk images allow it. Currently
the snapshot code copies the seclabels from the original image if no
seclabel is provided. Also there's no code change required as the
snapshot XML parser actually uses parts of the disk parser thus
seclabels are already parsed and formatted and even applied thus this is
just a formalization of our support for this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/docs/formatsnapshot.html.in b/docs/formatsnapshot.html.in
index a19e91b4d5644a60380697b0a2a524ccdd01885b..92cc5664675d8a18f287b67bcc32627196c6b9b0 100644 (file)
--- a/docs/formatsnapshot.html.in
+++ b/docs/formatsnapshot.html.in
@@ -170,6 +170,12 @@
               snapshots, the original file name becomes the read-only
               snapshot, and the new file name contains the read-write
               delta of all disk changes since the snapshot.
+              <p/>
+              The <code>source</code> element also may contain the
+              <code>seclabel</code> element (described in the
+              <a href="formatdomain.html#seclabel">domain XML documentation</a>)
+              which can be used to override the domain security labeling policy
+              for <code>source</code>.
               </dd>
               <dt><code>driver</code></dt>
               <dd>An optional sub-element <code>driver</code>,
@@ -177,6 +183,7 @@
               as qcow2), of the new file created by the external
               snapshot of the new file.
               </dd>
+              <dt><code>seclabel</code></dt>
             </dl>
 
             <span class="since">Since 1.2.2</span> the <code>disk</code> element
@@ -259,6 +266,11 @@
       &lt;source file='/path/to/new'/&gt;
     &lt;/disk&gt;
     &lt;disk name='vdb' snapshot='no'/&gt;
+    &lt;disk name='vdc'&gt;
+      &lt;source file='/path/to/newc'&gt;
+        &lt;seclabel model='dac' relabel='no'/&gt;
+      &lt;/source&gt;
+    &lt;/disk&gt;
   &lt;/disks&gt;
 &lt;/domainsnapshot&gt;</pre>
 

diff --git a/docs/schemas/domainsnapshot.rng b/docs/schemas/domainsnapshot.rng
index 8863d9957890d0b194ef636ebc5581d6d4eff1a1..8e39feb2298d5d13c54393e67aa26b8134aec6bd 100644 (file)
--- a/docs/schemas/domainsnapshot.rng
+++ b/docs/schemas/domainsnapshot.rng
@@ -157,6 +157,9 @@
                     <optional>
                       <ref name='storageStartupPolicy'/>
                     </optional>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>
@@ -173,6 +176,9 @@
                     <attribute name="dev">
                       <ref name="absFilePath"/>
                     </attribute>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>

diff --git a/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-seclabel.xml
similarity index 100%
rename from tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml
rename to tests/domainsnapshotxml2xmlin/disk-seclabel.xml