From 336df7966b459cc0e253d73b6e41db5fe68a820e Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Thu, 22 Dec 2011 17:47:47 -0700 Subject: [PATCH] seclabel: refactor existing domain_conf usage A future patch will parse and output in more than one location in a xml; make it easier to reuse code. * src/conf/domain_conf.c (virSecurityLabelDefFree): Rename... (virSecurityLabelDefClear): ...and make static. (virSecurityLabelDefParseXML): Alter signature. (virDomainDefParseXML, virDomainDefFree): Adjust callers. (virDomainDefFormatInternal): Split output... (virSecurityLabelDefFormat): ...into new helper. --- src/conf/domain_conf.c | 118 +++++++++++++++++++++++------------------ 1 file changed, 65 insertions(+), 53 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 216a7078df..63faa22ded 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1326,14 +1326,13 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) VIR_FREE(def); } -void virSecurityLabelDefFree(virDomainDefPtr def); - -void virSecurityLabelDefFree(virDomainDefPtr def) +static void +virSecurityLabelDefClear(virSecurityLabelDefPtr def) { - VIR_FREE(def->seclabel.model); - VIR_FREE(def->seclabel.label); - VIR_FREE(def->seclabel.imagelabel); - VIR_FREE(def->seclabel.baselabel); + VIR_FREE(def->model); + VIR_FREE(def->label); + VIR_FREE(def->imagelabel); + VIR_FREE(def->baselabel); } static void @@ -1467,7 +1466,7 @@ void virDomainDefFree(virDomainDefPtr def) virDomainMemballoonDefFree(def->memballoon); - virSecurityLabelDefFree(def); + virSecurityLabelDefClear(&def->seclabel); virCPUDefFree(def->cpu); @@ -6212,7 +6211,7 @@ static int virDomainLifecycleParseXML(xmlXPathContextPtr ctxt, } static int -virSecurityLabelDefParseXML(const virDomainDefPtr def, +virSecurityLabelDefParseXML(virSecurityLabelDefPtr def, xmlXPathContextPtr ctxt, unsigned int flags) { @@ -6228,9 +6227,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("missing security type")); goto error; } - def->seclabel.type = virDomainSeclabelTypeFromString(p); + def->type = virDomainSeclabelTypeFromString(p); VIR_FREE(p); - if (def->seclabel.type < 0) { + if (def->type < 0) { virDomainReportError(VIR_ERR_XML_ERROR, "%s", _("invalid security type")); goto error; @@ -6239,9 +6238,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p != NULL) { if (STREQ(p, "yes")) { - def->seclabel.norelabel = false; + def->norelabel = false; } else if (STREQ(p, "no")) { - def->seclabel.norelabel = true; + def->norelabel = true; } else { virDomainReportError(VIR_ERR_XML_ERROR, _("invalid security relabel value %s"), p); @@ -6249,23 +6248,23 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, goto error; } VIR_FREE(p); - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && - def->seclabel.norelabel) { + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC && + def->norelabel) { virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("dynamic label type must use resource relabeling")); goto error; } } else { - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) - def->seclabel.norelabel = true; + if (def->type == VIR_DOMAIN_SECLABEL_STATIC) + def->norelabel = true; else - def->seclabel.norelabel = false; + def->norelabel = false; } /* Only parse label, if using static labels, or * if the 'live' VM XML is requested */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || + if (def->type == VIR_DOMAIN_SECLABEL_STATIC || !(flags & VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/label[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); @@ -6275,11 +6274,11 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, goto error; } - def->seclabel.label = p; + def->label = p; } /* Only parse imagelabel, if requested live XML with relabeling */ - if (!def->seclabel.norelabel && + if (!def->norelabel && !(flags & VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/imagelabel[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); @@ -6288,22 +6287,22 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("security imagelabel is missing")); goto error; } - def->seclabel.imagelabel = p; + def->imagelabel = p; } /* Only parse baselabel, for dynamic label */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { p = virXPathStringLimit("string(./seclabel/baselabel[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p != NULL) - def->seclabel.baselabel = p; + def->baselabel = p; } /* Only parse model, if static labelling, or a base * label is set, or doing active XML */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || - def->seclabel.baselabel || + if (def->type == VIR_DOMAIN_SECLABEL_STATIC || + def->baselabel || !(flags & VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/@model)", VIR_SECURITY_MODEL_BUFLEN-1, ctxt); @@ -6312,13 +6311,13 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("missing security model")); goto error; } - def->seclabel.model = p; + def->model = p; } return 0; error: - virSecurityLabelDefFree(def); + virSecurityLabelDefClear(def); return -1; } @@ -7939,7 +7938,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps, VIR_FREE(nodes); /* analysis of security label */ - if (virSecurityLabelDefParseXML(def, ctxt, flags) == -1) + if (virSecurityLabelDefParseXML(&def->seclabel, ctxt, flags) == -1) goto error; if ((node = virXPathNode("./cpu[1]", ctxt)) != NULL) { @@ -9738,6 +9737,40 @@ virDomainLifecycleDefFormat(virBufferPtr buf, } +static int +virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def, + unsigned int flags) +{ + const char *sectype = virDomainSeclabelTypeToString(def->type); + int ret = -1; + + if (!sectype) + goto cleanup; + + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC && + !def->baselabel && + (flags & VIR_DOMAIN_XML_INACTIVE)) { + /* This is the default for inactive xml, so nothing to output. */ + } else { + virBufferAsprintf(buf, "\n", + sectype, def->model, + def->norelabel ? "no" : "yes"); + virBufferEscapeString(buf, " \n", + def->label); + if (!def->norelabel) + virBufferEscapeString(buf, " %s\n", + def->imagelabel); + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) + virBufferEscapeString(buf, " %s\n", + def->baselabel); + virBufferAddLit(buf, "\n"); + } + ret = 0; +cleanup: + return ret; +} + + static int virDomainLeaseDefFormat(virBufferPtr buf, virDomainLeaseDefPtr def) @@ -11679,31 +11712,10 @@ virDomainDefFormatInternal(virDomainDefPtr def, virBufferAddLit(buf, " \n"); if (def->seclabel.model) { - const char *sectype = virDomainSeclabelTypeToString(def->seclabel.type); - if (!sectype) + virBufferAdjustIndent(buf, 2); + if (virSecurityLabelDefFormat(buf, &def->seclabel, flags) < 0) goto cleanup; - - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && - !def->seclabel.baselabel && - (flags & VIR_DOMAIN_XML_INACTIVE)) { - /* This is the default for inactive xml, so nothing to output. */ - } else { - virBufferAsprintf(buf, " \n", - sectype, def->seclabel.model, - def->seclabel.norelabel ? "no" : "yes"); - virBufferEscapeString(buf, " \n", - def->seclabel.label); - if (!def->seclabel.norelabel) - virBufferEscapeString(buf, - " %s\n", - def->seclabel.imagelabel); - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) - virBufferEscapeString(buf, - " %s\n", - def->seclabel.baselabel); - virBufferAddLit(buf, " \n"); - } + virBufferAdjustIndent(buf, -2); } if (def->namespaceData && def->ns.format) {