External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-09 05:01:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

seclabel: refactor existing domain_conf usage

Browse Source 
A future patch will parse and output <seclabel> in more than one
location in a <domain> xml; make it easier to reuse code.

* src/conf/domain_conf.c (virSecurityLabelDefFree): Rename...
(virSecurityLabelDefClear): ...and make static.
(virSecurityLabelDefParseXML): Alter signature.
(virDomainDefParseXML, virDomainDefFree): Adjust callers.
(virDomainDefFormatInternal): Split output...
(virSecurityLabelDefFormat): ...into new helper.
This commit is contained in:
Eric Blake 2011-12-22 17:47:47 -07:00 committed by Daniel Veillard
parent 116d6af979
commit 336df7966b
1 changed files with 65 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
src/conf/domain_conf.c
View File

@ -1326,14 +1326,13 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def)
VIR_FREE(def); VIR_FREE(def);
} }
void virSecurityLabelDefFree(virDomainDefPtr def); static void
virSecurityLabelDefClear(virSecurityLabelDefPtr def)
void virSecurityLabelDefFree(virDomainDefPtr def)
{ {
VIR_FREE(def->seclabel.model); VIR_FREE(def->model);
VIR_FREE(def->seclabel.label); VIR_FREE(def->label);
VIR_FREE(def->seclabel.imagelabel); VIR_FREE(def->imagelabel);
VIR_FREE(def->seclabel.baselabel); VIR_FREE(def->baselabel);
} }
static void static void
@ -1467,7 +1466,7 @@ void virDomainDefFree(virDomainDefPtr def)
virDomainMemballoonDefFree(def->memballoon); virDomainMemballoonDefFree(def->memballoon);
virSecurityLabelDefFree(def); virSecurityLabelDefClear(&def->seclabel);
virCPUDefFree(def->cpu); virCPUDefFree(def->cpu);
@ -6212,7 +6211,7 @@ static int virDomainLifecycleParseXML(xmlXPathContextPtr ctxt,
} }
static int static int
virSecurityLabelDefParseXML(const virDomainDefPtr def, virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
xmlXPathContextPtr ctxt, xmlXPathContextPtr ctxt,
unsigned int flags) unsigned int flags)
{ {
@ -6228,9 +6227,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
"%s", _("missing security type")); "%s", _("missing security type"));
goto error; goto error;
} }
def->seclabel.type = virDomainSeclabelTypeFromString(p); def->type = virDomainSeclabelTypeFromString(p);
VIR_FREE(p); VIR_FREE(p);
if (def->seclabel.type < 0) { if (def->type < 0) {
virDomainReportError(VIR_ERR_XML_ERROR, virDomainReportError(VIR_ERR_XML_ERROR,
"%s", _("invalid security type")); "%s", _("invalid security type"));
goto error; goto error;
@ -6239,9 +6238,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) { if (p != NULL) {
if (STREQ(p, "yes")) { if (STREQ(p, "yes")) {
def->seclabel.norelabel = false; def->norelabel = false;
} else if (STREQ(p, "no")) { } else if (STREQ(p, "no")) {
def->seclabel.norelabel = true; def->norelabel = true;
} else { } else {
virDomainReportError(VIR_ERR_XML_ERROR, virDomainReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"), p); _("invalid security relabel value %s"), p);
@ -6249,23 +6248,23 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
goto error; goto error;
} }
VIR_FREE(p); VIR_FREE(p);
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
def->seclabel.norelabel) { def->norelabel) {
virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("dynamic label type must use resource relabeling")); "%s", _("dynamic label type must use resource relabeling"));
goto error; goto error;
} }
} else { } else {
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) if (def->type == VIR_DOMAIN_SECLABEL_STATIC)
def->seclabel.norelabel = true; def->norelabel = true;
else else
def->seclabel.norelabel = false; def->norelabel = false;
} }
/* Only parse label, if using static labels, or /* Only parse label, if using static labels, or
* if the 'live' VM XML is requested * if the 'live' VM XML is requested
*/ */
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
!(flags & VIR_DOMAIN_XML_INACTIVE)) { !(flags & VIR_DOMAIN_XML_INACTIVE)) {
p = virXPathStringLimit("string(./seclabel/label[1])", p = virXPathStringLimit("string(./seclabel/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
@ -6275,11 +6274,11 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
goto error; goto error;
} }
def->seclabel.label = p; def->label = p;
} }
/* Only parse imagelabel, if requested live XML with relabeling */ /* Only parse imagelabel, if requested live XML with relabeling */
if (!def->seclabel.norelabel && if (!def->norelabel &&
!(flags & VIR_DOMAIN_XML_INACTIVE)) { !(flags & VIR_DOMAIN_XML_INACTIVE)) {
p = virXPathStringLimit("string(./seclabel/imagelabel[1])", p = virXPathStringLimit("string(./seclabel/imagelabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
@ -6288,22 +6287,22 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
"%s", _("security imagelabel is missing")); "%s", _("security imagelabel is missing"));
goto error; goto error;
} }
def->seclabel.imagelabel = p; def->imagelabel = p;
} }
/* Only parse baselabel, for dynamic label */ /* Only parse baselabel, for dynamic label */
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
p = virXPathStringLimit("string(./seclabel/baselabel[1])", p = virXPathStringLimit("string(./seclabel/baselabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) if (p != NULL)
def->seclabel.baselabel = p; def->baselabel = p;
} }
/* Only parse model, if static labelling, or a base /* Only parse model, if static labelling, or a base
* label is set, or doing active XML * label is set, or doing active XML
*/ */
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
def->seclabel.baselabel || def->baselabel ||
!(flags & VIR_DOMAIN_XML_INACTIVE)) { !(flags & VIR_DOMAIN_XML_INACTIVE)) {
p = virXPathStringLimit("string(./seclabel/@model)", p = virXPathStringLimit("string(./seclabel/@model)",
VIR_SECURITY_MODEL_BUFLEN-1, ctxt); VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
@ -6312,13 +6311,13 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
"%s", _("missing security model")); "%s", _("missing security model"));
goto error; goto error;
} }
def->seclabel.model = p; def->model = p;
} }
return 0; return 0;
error: error:
virSecurityLabelDefFree(def); virSecurityLabelDefClear(def);
return -1; return -1;
} }
@ -7939,7 +7938,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
VIR_FREE(nodes); VIR_FREE(nodes);
/* analysis of security label */ /* analysis of security label */
if (virSecurityLabelDefParseXML(def, ctxt, flags) == -1) if (virSecurityLabelDefParseXML(&def->seclabel, ctxt, flags) == -1)
goto error; goto error;
if ((node = virXPathNode("./cpu[1]", ctxt)) != NULL) { if ((node = virXPathNode("./cpu[1]", ctxt)) != NULL) {
@ -9738,6 +9737,40 @@ virDomainLifecycleDefFormat(virBufferPtr buf,
} }
static int
virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def,
unsigned int flags)
{
const char *sectype = virDomainSeclabelTypeToString(def->type);
int ret = -1;
if (!sectype)
goto cleanup;
if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
!def->baselabel &&
(flags & VIR_DOMAIN_XML_INACTIVE)) {
/* This is the default for inactive xml, so nothing to output. */
} else {
virBufferAsprintf(buf, "<seclabel type='%s' model='%s' relabel='%s'>\n",
sectype, def->model,
def->norelabel ? "no" : "yes");
virBufferEscapeString(buf, " <label>%s</label>\n",
def->label);
if (!def->norelabel)
virBufferEscapeString(buf, " <imagelabel>%s</imagelabel>\n",
def->imagelabel);
if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC)
virBufferEscapeString(buf, " <baselabel>%s</baselabel>\n",
def->baselabel);
virBufferAddLit(buf, "</seclabel>\n");
}
ret = 0;
cleanup:
return ret;
}
static int static int
virDomainLeaseDefFormat(virBufferPtr buf, virDomainLeaseDefFormat(virBufferPtr buf,
virDomainLeaseDefPtr def) virDomainLeaseDefPtr def)
@ -11679,31 +11712,10 @@ virDomainDefFormatInternal(virDomainDefPtr def,
virBufferAddLit(buf, " </devices>\n"); virBufferAddLit(buf, " </devices>\n");
if (def->seclabel.model) { if (def->seclabel.model) {
const char *sectype = virDomainSeclabelTypeToString(def->seclabel.type); virBufferAdjustIndent(buf, 2);
if (!sectype) if (virSecurityLabelDefFormat(buf, &def->seclabel, flags) < 0)
goto cleanup; goto cleanup;
virBufferAdjustIndent(buf, -2);
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
!def->seclabel.baselabel &&
(flags & VIR_DOMAIN_XML_INACTIVE)) {
/* This is the default for inactive xml, so nothing to output. */
} else {
virBufferAsprintf(buf, " <seclabel type='%s' model='%s' "
"relabel='%s'>\n",
sectype, def->seclabel.model,
def->seclabel.norelabel ? "no" : "yes");
virBufferEscapeString(buf, " <label>%s</label>\n",
def->seclabel.label);
if (!def->seclabel.norelabel)
virBufferEscapeString(buf,
" <imagelabel>%s</imagelabel>\n",
def->seclabel.imagelabel);
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
virBufferEscapeString(buf,
" <baselabel>%s</baselabel>\n",
def->seclabel.baselabel);
virBufferAddLit(buf, " </seclabel>\n");
}
} }
if (def->namespaceData && def->ns.format) { if (def->namespaceData && def->ns.format) {