conf: format runtime DAC seclabel, unless MIGRATABLE

We historically format runtime seclabel selinux/apparmor values,
however we skip formatting runtime DAC values. This was added in

commit 990e46c454
Author: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Date:   Fri Aug 31 13:40:41 2012 +0200

    conf: Avoid formatting auto-generated DAC labels

to maintain migration compatibility with libvirt < 0.10.0.

However the formatting was skipped unconditionally. Instead only
skip formatting in the VIR_DOMAIN_DEF_FORMAT_MIGRATABLE case.

https://bugzilla.redhat.com/show_bug.cgi?id=1215833
Cole Robinson 2016-04-23 13:46:25 -04:00
parent 20b52668dd
commit 601531d6ea


@ -18748,7 +18748,8 @@ virDomainEventActionDefFormat(virBufferPtr buf,
static void
virSecurityLabelDefFormat(virBufferPtr buf,
virSecurityLabelDefPtr def)
virSecurityLabelDefPtr def,
unsigned int flags)
{
const char *sectype = virDomainSeclabelTypeToString(def->type);
@ -18758,11 +18759,13 @@ virSecurityLabelDefFormat(virBufferPtr buf,
if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
return;
/* To avoid backward compatibility issues, suppress DAC and 'none' labels
* that are automatically generated.
/* libvirt versions prior to 0.10.0 support just a single seclabel element
* in the XML, and that would typically be filled with type=selinux.
* Don't format it in the MIGRATABLE case, for backwards compatibility
*/
if ((STREQ_NULLABLE(def->model, "dac") ||
STREQ_NULLABLE(def->model, "none")) && def->implicit)
STREQ_NULLABLE(def->model, "none")) && def->implicit &&
(flags & VIR_DOMAIN_DEF_FORMAT_MIGRATABLE))
return;
virBufferAsprintf(buf, "<seclabel type='%s'",
@ -22897,7 +22900,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
virBufferAddLit(buf, "</devices>\n");
for (n = 0; n < def->nseclabels; n++)
virSecurityLabelDefFormat(buf, def->seclabels[n]);
virSecurityLabelDefFormat(buf, def->seclabels[n], flags);
if (def->namespaceData && def->ns.format) {
if ((def->ns.format)(buf, def->namespaceData) < 0)
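Review bot: The rewritten comment above the `STREQ_NULLABLE` guard in the second hunk no longer says which labels are suppressed, and its `type=selinux` does not match the code, which tests `def->model` against "dac"/"none" while the `type` attribute is formatted from `def->type`. Suggested wording: `/* Skip implicit (auto-generated) 'dac' and 'none' labels only for MIGRATABLE output: libvirt < 0.10.0 supports a single <seclabel> element, typically model=selinux. */`. With the guard narrowed, implicit labels now reach every non-MIGRATABLE format path, and nothing visible here marks them as auto-generated in the emitted element. It is worth confirming that XML fed back through the parser does not turn a generated DAC label into a persistent, user-specified one. The body of virSecurityLabelDefFormat continues past the hunk, so the attributes actually written are not visible here.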