xenbits.xensource.com Git - libvirt.git/commit

author	Christian Ehrhardt <christian.ehrhardt@canonical.com>
	Mon, 21 Nov 2016 14:40:23 +0000 (15:40 +0100)
committer	Guido Günther <agx@sigxcpu.org>
	Wed, 30 Nov 2016 07:15:57 +0000 (08:15 +0100)
commit	dffdac06c05a16b440819f1f9fdfc1f9d2a38349
tree	5108e10deefd434d31ef878602bd4704c41fcfec	tree
parent	bb738f9fcdc3967903a6ff78111dfa989f61d04d	commit \| diff

virt-aa-helper: fix parsing security labels by introducing VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL

When virt-aa-helper parses xml content it can fail on security labels.

It fails by requiring to parse active domain content on seclabels that
are not yet filled in.

Testcase with virt-aa-helper on a minimal xml:
$ cat << EOF > /tmp/test.xml
<domain type='kvm'>
    <name>test-seclabel</name>
    <uuid>12345678-9abc-def1-2345-6789abcdef00</uuid>
    <memory unit='KiB'>1</memory>
    <os><type arch='x86_64'>hvm</type></os>
    <seclabel type='dynamic' model='apparmor' relabel='yes'/>
    <seclabel type='dynamic' model='dac' relabel='yes'/>
</domain>
EOF
$ /usr/lib/libvirt/virt-aa-helper -d -r -p 0 \
   -u libvirt-12345678-9abc-def1-2345-6789abcdef00 < /tmp/test.xml

Current Result:
virt-aa-helper: error: could not parse XML
virt-aa-helper: error: could not get VM definition
Expected Result is a valid apparmor profile

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Guido Günther <agx@sigxcpu.org>

src/conf/domain_conf.c		diff \| blob \| blame \| history
src/conf/domain_conf.h		diff \| blob \| blame \| history
src/security/virt-aa-helper.c		diff \| blob \| blame \| history