relabel = virXMLPropString(list[i], "relabel");
if (relabel != NULL) {
if (STREQ(relabel, "yes")) {
- seclabels[i]->norelabel = false;
+ seclabels[i]->relabel = true;
} else if (STREQ(relabel, "no")) {
- seclabels[i]->norelabel = true;
+ seclabels[i]->relabel = false;
} else {
virReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"),
}
VIR_FREE(relabel);
} else {
- seclabels[i]->norelabel = false;
+ seclabels[i]->relabel = true;
}
/* labelskip is only parsed on live images */
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
seclabels[i]->label = label;
- if (label && seclabels[i]->norelabel) {
+ if (label && !seclabels[i]->relabel) {
virReportError(VIR_ERR_XML_ERROR,
_("Cannot specify a label if relabelling is "
"turned off. model=%s"),
{
/* For offline output, skip elements that allow labels but have no
* label specified (possible if labelskip was ignored on input). */
- if ((flags & VIR_DOMAIN_XML_INACTIVE) && !def->label && !def->norelabel)
+ if ((flags & VIR_DOMAIN_XML_INACTIVE) && !def->label && def->relabel)
return;
virBufferAddLit(buf, "<seclabel");
if (def->labelskip)
virBufferAddLit(buf, " labelskip='yes'");
else
- virBufferAsprintf(buf, " relabel='%s'", def->norelabel ? "no" : "yes");
+ virBufferAsprintf(buf, " relabel='%s'", def->relabel ? "yes" : "no");
if (def->label) {
virBufferAddLit(buf, ">\n");
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
SECURITY_DAC_NAME);
- if (disk_seclabel && disk_seclabel->norelabel)
+ if (disk_seclabel && !disk_seclabel->relabel)
return 0;
if (disk_seclabel && disk_seclabel->label) {
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
SECURITY_DAC_NAME);
- if (disk_seclabel && disk_seclabel->norelabel)
+ if (disk_seclabel && !disk_seclabel->relabel)
return 0;
/* If we have a shared FS and are doing migration, we must not change
chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
SECURITY_DAC_NAME);
- if (chr_seclabel && chr_seclabel->norelabel)
+ if (chr_seclabel && !chr_seclabel->relabel)
return 0;
if (chr_seclabel && chr_seclabel->label) {
chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
SECURITY_DAC_NAME);
- if (chr_seclabel && chr_seclabel->norelabel)
+ if (chr_seclabel && !chr_seclabel->relabel)
return 0;
switch ((virDomainChrType) dev_source->type) {
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
SECURITY_SELINUX_NAME);
- if (!seclabel->relabel || (disk_seclabel && disk_seclabel->norelabel))
+ if (!seclabel->relabel || (disk_seclabel && !disk_seclabel->relabel))
return 0;
/* If labelskip is true and there are no backing files, then we
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
SECURITY_SELINUX_NAME);
- if (disk_seclabel && disk_seclabel->norelabel)
+ if (disk_seclabel && !disk_seclabel->relabel)
return 0;
- if (disk_seclabel && !disk_seclabel->norelabel && disk_seclabel->label) {
+ if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
ret = virSecuritySELinuxSetFilecon(src->path, disk_seclabel->label);
} else if (first) {
if (src->shared) {
chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
SECURITY_SELINUX_NAME);
- if (chr_seclabel && chr_seclabel->norelabel)
+ if (chr_seclabel && !chr_seclabel->relabel)
return 0;
if (chr_seclabel)
if (dev)
chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
SECURITY_SELINUX_NAME);
- if (chr_seclabel && chr_seclabel->norelabel)
+ if (chr_seclabel && !chr_seclabel->relabel)
return 0;
switch (dev_source->type) {
if (VIR_ALLOC(ret) < 0)
return NULL;
- ret->norelabel = src->norelabel;
+ ret->relabel = src->relabel;
ret->labelskip = src->labelskip;
if (VIR_STRDUP(ret->model, src->model) < 0 ||
struct _virSecurityDeviceLabelDef {
char *model;
char *label; /* image label string */
- bool norelabel; /* true to skip label attempts */
+ bool relabel; /* true (default) for allowing relabels */
bool labelskip; /* live-only; true if skipping failed label attempt */
};
projects / libvirt.git / commitdiff