conf: pass default sec model in parser config

Instead of using the virCapsPtr to get the default security model,
pass this in via the parser config.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

src/conf/domain_conf.c

@@ -8919,13 +8919,12 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
 static int
 virSecurityLabelDefsParseXML(virDomainDefPtr def,
                              xmlXPathContextPtr ctxt,
-                             virCapsPtr caps,
+                             virDomainXMLOptionPtr xmlopt,
                              unsigned int flags)
 {
     VIR_XPATH_NODE_AUTORESTORE(ctxt);
     size_t i = 0, j;
     int n;
-    virCapsHostPtr host = &caps->host;
     g_autofree xmlNodePtr *list = NULL;
 
     /* Allocate a security labels based on XML */
@@ -8968,15 +8967,16 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
      */
     if (def->nseclabels == 1 &&
         !def->seclabels[0]->model &&
-        host->nsecModels > 0) {
+        xmlopt != NULL &&
+        xmlopt->config.defSecModel != NULL) {
         if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
             (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
              !def->seclabels[0]->baselabel &&
              (flags & VIR_DOMAIN_DEF_PARSE_INACTIVE))) {
             /* Copy model from host. */
             VIR_DEBUG("Found seclabel without a model, using '%s'",
-                      host->secModels[0].model);
+                      xmlopt->config.defSecModel);
-            def->seclabels[0]->model = g_strdup(host->secModels[0].model);
+            def->seclabels[0]->model = g_strdup(xmlopt->config.defSecModel);
 
             if (STREQ(def->seclabels[0]->model, "none") &&
                 flags & VIR_DOMAIN_DEF_PARSE_INACTIVE) {
@@ -19781,7 +19781,7 @@ virDomainMemorytuneDefParse(virDomainDefPtr def,
 static virDomainDefPtr
 virDomainDefParseXML(xmlDocPtr xml,
                      xmlXPathContextPtr ctxt,
-                     virCapsPtr caps,
+                     virCapsPtr caps G_GNUC_UNUSED,
                      virDomainXMLOptionPtr xmlopt,
                      unsigned int flags)
 {
@@ -19889,7 +19889,7 @@ virDomainDefParseXML(xmlDocPtr xml,
     /* analysis of security label, done early even though we format it
      * late, so devices can refer to this for defaults */
     if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL)) {
-        if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
+        if (virSecurityLabelDefsParseXML(def, ctxt, xmlopt, flags) == -1)
             goto error;
     }
 

src/conf/domain_conf.h

@@ -2707,6 +2707,7 @@ struct _virDomainDefParserConfig {
     unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN];
     virArch defArch;
     const char *netPrefix;
+    const char *defSecModel;
 };
 
 typedef void *(*virDomainXMLPrivateDataAllocFunc)(void *);

src/qemu/qemu_conf.c

@@ -1191,9 +1191,11 @@ virQEMUDriverIsPrivileged(virQEMUDriverPtr driver)
 }
 
 virDomainXMLOptionPtr
-virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver)
+virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
+                           const char *defsecmodel)
 {
     virQEMUDriverDomainDefParserConfig.priv = driver;
+    virQEMUDriverDomainDefParserConfig.defSecModel = defsecmodel;
     return virDomainXMLOptionNew(&virQEMUDriverDomainDefParserConfig,
                                  &virQEMUDriverPrivateDataCallbacks,
                                  &virQEMUDriverDomainXMLNamespace,

src/qemu/qemu_conf.h

@@ -366,7 +366,8 @@ int qemuRemoveSharedDisk(virQEMUDriverPtr driver,
 int qemuSetUnprivSGIO(virDomainDeviceDefPtr dev);
 
 int qemuDriverAllocateID(virQEMUDriverPtr driver);
-virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver);
+virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
+                                                 const char *defsecmodel);
 
 int qemuTranslateSnapshotDiskSourcePool(virDomainSnapshotDiskDefPtr def);
 

src/qemu/qemu_driver.c

@@ -656,6 +656,8 @@ qemuStateInitialize(bool privileged,
     g_autofree char *memoryBackingPath = NULL;
     bool autostart = true;
     size_t i;
+    const char *defsecmodel = NULL;
+    g_autofree virSecurityManagerPtr *sec_managers = NULL;
 
     if (VIR_ALLOC(qemu_driver) < 0)
         return VIR_DRV_STATE_INIT_ERROR;
@@ -916,7 +918,14 @@ qemuStateInitialize(bool privileged,
     if ((qemu_driver->caps = virQEMUDriverCreateCapabilities(qemu_driver)) == NULL)
         goto error;
 
-    if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver)))
+    if (!(sec_managers = qemuSecurityGetNested(qemu_driver->securityManager)))
+        goto error;
+
+    if (sec_managers[0] != NULL)
+        defsecmodel = qemuSecurityGetModel(sec_managers[0]);
+
+    if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver,
+                                                           defsecmodel)))
         goto error;
 
     /* If hugetlbfs is present, then we need to create a sub-directory within

tests/testutilsqemu.c

@@ -402,7 +402,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
     if (!driver->qemuCapsCache)
         goto error;
 
-    driver->xmlopt = virQEMUDriverCreateXMLConf(driver);
+    driver->xmlopt = virQEMUDriverCreateXMLConf(driver, "none");
     if (!driver->xmlopt)
         goto error;