static int
virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn,
size_t *nseclabels_rtn,
- virSecurityLabelDefPtr *vmSeclabels,
- int nvmSeclabels, xmlXPathContextPtr ctxt,
+ xmlXPathContextPtr ctxt,
unsigned int flags)
{
virSecurityDeviceLabelDefPtr *seclabels = NULL;
int n;
size_t i, j;
xmlNodePtr *list = NULL;
- virSecurityLabelDefPtr vmDef = NULL;
char *model, *relabel, *label, *labelskip;
if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) < 0)
/* get model associated to this override */
model = virXMLPropString(list[i], "model");
if (model) {
- /* find the security label that it's being overridden */
- for (j = 0; j < nvmSeclabels; j++) {
- if (STREQ(vmSeclabels[j]->model, model)) {
- vmDef = vmSeclabels[j];
- break;
- }
- }
-
/* check for duplicate seclabels */
for (j = 0; j < i; j++) {
if (STREQ_NULLABLE(model, seclabels[j]->model)) {
seclabels[i]->model = model;
}
- /* Can't use overrides if top-level doesn't allow relabeling. */
- if (vmDef && !vmDef->relabel) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("label overrides require relabeling to be "
- "enabled at the domain level"));
- goto error;
- }
-
relabel = virXMLPropString(list[i], "relabel");
if (relabel != NULL) {
if (STREQ(relabel, "yes")) {
}
+static int
+virSecurityDeviceLabelDefValidateXML(virSecurityDeviceLabelDefPtr *seclabels,
+ size_t nseclabels,
+ virSecurityLabelDefPtr *vmSeclabels,
+ size_t nvmSeclabels)
+{
+ virSecurityDeviceLabelDefPtr seclabel;
+ size_t i;
+ size_t j;
+
+ for (i = 0; i < nseclabels; i++) {
+ seclabel = seclabels[i];
+
+ /* find the security label that it's being overridden */
+ for (j = 0; j < nvmSeclabels; j++) {
+ if (STRNEQ_NULLABLE(vmSeclabels[j]->model, seclabel->model))
+ continue;
+
+ if (!vmSeclabels[j]->relabel) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("label overrides require relabeling to be "
+ "enabled at the domain level"));
+ return -1;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
/* Parse the XML definition for a lease
*/
static virDomainLeaseDefPtr
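Review bot: The match in `virSecurityDeviceLabelDefValidateXML` uses `STRNEQ_NULLABLE`, so a device `<seclabel>` with no `model` is now compared against domain-level labels whose `model` is also NULL, whereas the removed lookup ran only inside `if (model)` and used `STREQ`. Whether a model-less domain label with `relabel` off can reach this point is not visible here, but if it can, such overrides are now rejected where they were previously accepted; confirm that is intended, or skip those entries with `if (!seclabel->model) continue;` before the inner loop. Because the relabel policy check no longer lives in the parser, a caller that parses without validating silently drops it, so the new function should carry a header comment such as `/* Rejects device label overrides whose model matches a domain-level seclabel with relabeling disabled; call after virSecurityDeviceLabelDefParseXML. */`.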
ctxt->node = sourceNode;
if (virSecurityDeviceLabelDefParseXML(&def->src->seclabels,
&def->src->nseclabels,
- vmSeclabels,
- nvmSeclabels,
ctxt,
flags) < 0)
goto error;
+
+ if (virSecurityDeviceLabelDefValidateXML(def->src->seclabels,
+ def->src->nseclabels,
+ vmSeclabels,
+ nvmSeclabels) < 0)
+ goto error;
+
ctxt->node = saved_node;
}
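Review bot: The new validation call sits between `ctxt->node = sourceNode;` and `ctxt->node = saved_node;`, so its `goto error` leaves the XPath context pointing at the source node even though the validator takes no `ctxt` argument. Moving the `if (virSecurityDeviceLabelDefValidateXML(...) < 0) goto error;` block below `ctxt->node = saved_node;` would keep the context restored on that failure path, matching the other call site, which resets `ctxt->node` before its `goto error`. Whether the `error` label restores the node itself is not visible, since the enclosing function starts and ends outside the hunk.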
ctxt->node = cur;
if (virSecurityDeviceLabelDefParseXML(&def->seclabels,
&def->nseclabels,
- vmSeclabels,
- nvmSeclabels,
ctxt,
- flags) < 0) {
+ flags) < 0 ||
+ virSecurityDeviceLabelDefValidateXML(def->seclabels,
+ def->nseclabels,
+ vmSeclabels,
+ nvmSeclabels) < 0) {
ctxt->node = saved_node;
goto error;
}