From 638ffa222847acc74dd2d84d2088590ecbf8eb70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 26 Nov 2019 18:57:30 +0000 Subject: [PATCH] conf: pass default sec model in parser config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using the virCapsPtr to get the default security model, pass this in via the parser config. Reviewed-by: Michal Privoznik Signed-off-by: Daniel P. Berrangé --- src/conf/domain_conf.c | 14 +++++++------- src/conf/domain_conf.h | 1 + src/qemu/qemu_conf.c | 4 +++- src/qemu/qemu_conf.h | 3 ++- src/qemu/qemu_driver.c | 11 ++++++++++- tests/testutilsqemu.c | 2 +- 6 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ee048e81c0..a793aa186a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8919,13 +8919,12 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, static int virSecurityLabelDefsParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt, - virCapsPtr caps, + virDomainXMLOptionPtr xmlopt, unsigned int flags) { VIR_XPATH_NODE_AUTORESTORE(ctxt); size_t i = 0, j; int n; - virCapsHostPtr host = &caps->host; g_autofree xmlNodePtr *list = NULL; /* Allocate a security labels based on XML */ @@ -8968,15 +8967,16 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def, */ if (def->nseclabels == 1 && !def->seclabels[0]->model && - host->nsecModels > 0) { + xmlopt != NULL && + xmlopt->config.defSecModel != NULL) { if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE || (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC && !def->seclabels[0]->baselabel && (flags & VIR_DOMAIN_DEF_PARSE_INACTIVE))) { /* Copy model from host. */ VIR_DEBUG("Found seclabel without a model, using '%s'", - host->secModels[0].model); - def->seclabels[0]->model = g_strdup(host->secModels[0].model); + xmlopt->config.defSecModel); + def->seclabels[0]->model = g_strdup(xmlopt->config.defSecModel); if (STREQ(def->seclabels[0]->model, "none") && flags & VIR_DOMAIN_DEF_PARSE_INACTIVE) { @@ -19781,7 +19781,7 @@ virDomainMemorytuneDefParse(virDomainDefPtr def, static virDomainDefPtr virDomainDefParseXML(xmlDocPtr xml, xmlXPathContextPtr ctxt, - virCapsPtr caps, + virCapsPtr caps G_GNUC_UNUSED, virDomainXMLOptionPtr xmlopt, unsigned int flags) { @@ -19889,7 +19889,7 @@ virDomainDefParseXML(xmlDocPtr xml, /* analysis of security label, done early even though we format it * late, so devices can refer to this for defaults */ if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL)) { - if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1) + if (virSecurityLabelDefsParseXML(def, ctxt, xmlopt, flags) == -1) goto error; } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 55554fe681..7e75ef83d4 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2707,6 +2707,7 @@ struct _virDomainDefParserConfig { unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN]; virArch defArch; const char *netPrefix; + const char *defSecModel; }; typedef void *(*virDomainXMLPrivateDataAllocFunc)(void *); diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 53658c80e8..053bcc7e02 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -1191,9 +1191,11 @@ virQEMUDriverIsPrivileged(virQEMUDriverPtr driver) } virDomainXMLOptionPtr -virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver) +virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver, + const char *defsecmodel) { virQEMUDriverDomainDefParserConfig.priv = driver; + virQEMUDriverDomainDefParserConfig.defSecModel = defsecmodel; return virDomainXMLOptionNew(&virQEMUDriverDomainDefParserConfig, &virQEMUDriverPrivateDataCallbacks, &virQEMUDriverDomainXMLNamespace, diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 7c56226b8c..8b6c2a95d4 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -366,7 +366,8 @@ int qemuRemoveSharedDisk(virQEMUDriverPtr driver, int qemuSetUnprivSGIO(virDomainDeviceDefPtr dev); int qemuDriverAllocateID(virQEMUDriverPtr driver); -virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver); +virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver, + const char *defsecmodel); int qemuTranslateSnapshotDiskSourcePool(virDomainSnapshotDiskDefPtr def); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index dce106f84a..fca501044a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -656,6 +656,8 @@ qemuStateInitialize(bool privileged, g_autofree char *memoryBackingPath = NULL; bool autostart = true; size_t i; + const char *defsecmodel = NULL; + g_autofree virSecurityManagerPtr *sec_managers = NULL; if (VIR_ALLOC(qemu_driver) < 0) return VIR_DRV_STATE_INIT_ERROR; @@ -916,7 +918,14 @@ qemuStateInitialize(bool privileged, if ((qemu_driver->caps = virQEMUDriverCreateCapabilities(qemu_driver)) == NULL) goto error; - if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver))) + if (!(sec_managers = qemuSecurityGetNested(qemu_driver->securityManager))) + goto error; + + if (sec_managers[0] != NULL) + defsecmodel = qemuSecurityGetModel(sec_managers[0]); + + if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver, + defsecmodel))) goto error; /* If hugetlbfs is present, then we need to create a sub-directory within diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 0ca690a1ed..c24b3098a5 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -402,7 +402,7 @@ int qemuTestDriverInit(virQEMUDriver *driver) if (!driver->qemuCapsCache) goto error; - driver->xmlopt = virQEMUDriverCreateXMLConf(driver); + driver->xmlopt = virQEMUDriverCreateXMLConf(driver, "none"); if (!driver->xmlopt) goto error;