VIR_FREE(def->baselabel);
}
-static void
-virSecurityLabelDefFree(virSecurityLabelDefPtr def)
-{
- if (!def)
- return;
- virSecurityLabelDefClear(def);
- VIR_FREE(def);
-}
-
void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
{
int ii;
VIR_FREE(def->serial);
VIR_FREE(def->src);
- virSecurityLabelDefFree(def->seclabel);
VIR_FREE(def->dst);
VIR_FREE(def->driverName);
VIR_FREE(def->driverType);
return 0;
}
-/* Parse the portion of a SecurityLabel that is common to both the
- * top-level <seclabel> and to a per-device override.
- * default_seclabel is NULL for top-level, or points to the top-level
- * when parsing an override. */
static int
-virSecurityLabelDefParseXMLHelper(virSecurityLabelDefPtr def,
- xmlNodePtr node,
- xmlXPathContextPtr ctxt,
- virSecurityLabelDefPtr default_seclabel,
- unsigned int flags)
+virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
+ xmlXPathContextPtr ctxt,
+ unsigned int flags)
{
char *p;
- xmlNodePtr save_ctxt = ctxt->node;
- int ret = -1;
- int type = default_seclabel ? default_seclabel->type : def->type;
- ctxt->node = node;
+ if (virXPathNode("./seclabel", ctxt) == NULL)
+ return 0;
- /* Can't use overrides if top-level doesn't allow relabeling. */
- if (default_seclabel && default_seclabel->norelabel) {
- virDomainReportError(VIR_ERR_XML_ERROR, "%s",
- _("label overrides require relabeling to be "
- "enabled at the domain level"));
- goto cleanup;
+ p = virXPathStringLimit("string(./seclabel/@type)",
+ VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
+ if (p == NULL) {
+ virDomainReportError(VIR_ERR_XML_ERROR,
+ "%s", _("missing security type"));
+ goto error;
}
-
- p = virXPathStringLimit("string(./@relabel)",
+ def->type = virDomainSeclabelTypeFromString(p);
+ VIR_FREE(p);
+ if (def->type < 0) {
+ virDomainReportError(VIR_ERR_XML_ERROR,
+ "%s", _("invalid security type"));
+ goto error;
+ }
+ p = virXPathStringLimit("string(./seclabel/@relabel)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) {
if (STREQ(p, "yes")) {
virDomainReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"), p);
VIR_FREE(p);
- goto cleanup;
+ goto error;
}
VIR_FREE(p);
- if (!default_seclabel &&
- type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
def->norelabel) {
- virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("dynamic label type must use resource "
- "relabeling"));
- goto cleanup;
+ virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("dynamic label type must use resource relabeling"));
+ goto error;
}
} else {
- if (!default_seclabel && type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->type == VIR_DOMAIN_SECLABEL_STATIC)
def->norelabel = true;
else
def->norelabel = false;
}
/* Only parse label, if using static labels, or
- * if the 'live' VM XML is requested, or if this is a device override
+ * if the 'live' VM XML is requested
*/
- if (type == VIR_DOMAIN_SECLABEL_STATIC ||
- !(flags & VIR_DOMAIN_XML_INACTIVE) ||
- (default_seclabel && !def->norelabel)) {
- p = virXPathStringLimit("string(./label[1])",
+ if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
+ !(flags & VIR_DOMAIN_XML_INACTIVE)) {
+ p = virXPathStringLimit("string(./seclabel/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL && !(default_seclabel && def->norelabel)) {
+ if (p == NULL) {
virDomainReportError(VIR_ERR_XML_ERROR,
"%s", _("security label is missing"));
- goto cleanup;
+ goto error;
}
def->label = p;
}
- ret = 0;
-cleanup:
- ctxt->node = save_ctxt;
- return ret;
-}
-
-/* Parse the top-level <seclabel>, if present. */
-static int
-virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
- xmlXPathContextPtr ctxt,
- unsigned int flags)
-{
- char *p;
- xmlNodePtr node = virXPathNode("./seclabel", ctxt);
-
- if (node == NULL)
- return 0;
-
- p = virXPathStringLimit("string(./seclabel/@type)",
- VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL) {
- virDomainReportError(VIR_ERR_XML_ERROR,
- "%s", _("missing security type"));
- goto error;
- }
- def->type = virDomainSeclabelTypeFromString(p);
- VIR_FREE(p);
- if (def->type < 0) {
- virDomainReportError(VIR_ERR_XML_ERROR,
- "%s", _("invalid security type"));
- goto error;
- }
-
- if (virSecurityLabelDefParseXMLHelper(def, node, ctxt, NULL, flags) < 0)
- goto error;
-
/* Only parse imagelabel, if requested live XML with relabeling */
if (!def->norelabel &&
!(flags & VIR_DOMAIN_XML_INACTIVE)) {
xmlNodePtr node,
xmlXPathContextPtr ctxt,
virBitmapPtr bootMap,
- virSecurityLabelDefPtr default_seclabel,
unsigned int flags)
{
virDomainDiskDefPtr def;
goto error;
}
- /* If source is present, check for an optional seclabel override. */
- if (source) {
- xmlNodePtr seclabel = virXPathNode("./source/seclabel", ctxt);
- if (seclabel &&
- (VIR_ALLOC(def->seclabel) < 0 ||
- virSecurityLabelDefParseXMLHelper(def->seclabel, seclabel, ctxt,
- default_seclabel, flags) < 0))
- goto error;
- }
-
if (target == NULL) {
virDomainReportError(VIR_ERR_NO_TARGET,
source ? "%s" : NULL, source);
if (xmlStrEqual(node->name, BAD_CAST "disk")) {
dev->type = VIR_DOMAIN_DEVICE_DISK;
if (!(dev->data.disk = virDomainDiskDefParseXML(caps, node, ctxt,
- NULL, &def->seclabel,
- flags)))
+ NULL, flags)))
goto error;
} else if (xmlStrEqual(node->name, BAD_CAST "lease")) {
dev->type = VIR_DOMAIN_DEVICE_LEASE;
nodes[i],
ctxt,
bootMap,
- &def->seclabel,
flags);
if (!disk)
goto error;
if (!sectype)
goto cleanup;
- if (def->model &&
- def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
!def->baselabel &&
(flags & VIR_DOMAIN_XML_INACTIVE)) {
/* This is the default for inactive xml, so nothing to output. */
} else {
- virBufferAddLit(buf, "<seclabel");
- if (def->model)
- virBufferAsprintf(buf, " type='%s' model='%s'",
- sectype, def->model);
- virBufferAsprintf(buf, " relabel='%s'",
+ virBufferAsprintf(buf, "<seclabel type='%s' model='%s' relabel='%s'>\n",
+ sectype, def->model,
def->norelabel ? "no" : "yes");
- if (def->label || def->baselabel) {
- virBufferAddLit(buf, ">\n");
- virBufferEscapeString(buf, " <label>%s</label>\n",
- def->label);
- if (!def->norelabel)
- virBufferEscapeString(buf, " <imagelabel>%s</imagelabel>\n",
- def->imagelabel);
- if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC)
- virBufferEscapeString(buf, " <baselabel>%s</baselabel>\n",
- def->baselabel);
- virBufferAddLit(buf, "</seclabel>\n");
- } else {
- virBufferAddLit(buf, "/>\n");
- }
+ virBufferEscapeString(buf, " <label>%s</label>\n",
+ def->label);
+ if (!def->norelabel)
+ virBufferEscapeString(buf, " <imagelabel>%s</imagelabel>\n",
+ def->imagelabel);
+ if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC)
+ virBufferEscapeString(buf, " <baselabel>%s</baselabel>\n",
+ def->baselabel);
+ virBufferAddLit(buf, "</seclabel>\n");
}
ret = 0;
cleanup:
def->startupPolicy) {
switch (def->type) {
case VIR_DOMAIN_DISK_TYPE_FILE:
- virBufferAddLit(buf, " <source");
+ virBufferAsprintf(buf," <source");
if (def->src)
virBufferEscapeString(buf, " file='%s'", def->src);
if (def->startupPolicy)
virBufferEscapeString(buf, " startupPolicy='%s'",
startupPolicy);
- if (def->seclabel) {
- virBufferAddLit(buf, ">\n");
- virBufferAdjustIndent(buf, 8);
- if (virSecurityLabelDefFormat(buf, def->seclabel, flags) < 0)
- return -1;
- virBufferAdjustIndent(buf, -8);
- virBufferAddLit(buf, " </source>\n");
- } else {
- virBufferAddLit(buf, "/>\n");
- }
+ virBufferAsprintf(buf, "/>\n");
break;
case VIR_DOMAIN_DISK_TYPE_BLOCK:
- if (def->src && def->seclabel) {
- virBufferEscapeString(buf, " <source dev='%s'>\n",
- def->src);
- virBufferAdjustIndent(buf, 8);
- if (virSecurityLabelDefFormat(buf, def->seclabel, flags) < 0)
- return -1;
- virBufferAdjustIndent(buf, -8);
- virBufferAddLit(buf, " </source>\n");
- } else {
- virBufferEscapeString(buf, " <source dev='%s'/>\n",
- def->src);
- }
+ virBufferEscapeString(buf, " <source dev='%s'/>\n",
+ def->src);
break;
case VIR_DOMAIN_DISK_TYPE_DIR:
virBufferEscapeString(buf, " <source dir='%s'/>\n",
projects / thirdparty / libvirt.git / commitdiff
