From 13adf1b2cecc1b0eaad7c7634ac75e27b5c9535d Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Wed, 9 Jul 2014 13:23:58 +0200 Subject: [PATCH] virSecurityLabelDef: substitute 'norelabel' with 'relabel' This negation in names of boolean variables is driving me insane. The code is much more readable if we drop the 'no-' prefix. Well, at least for me. Signed-off-by: Michal Privoznik --- src/conf/domain_conf.c | 20 ++++++++++---------- src/security/security_apparmor.c | 10 +++++----- src/security/security_dac.c | 14 +++++++------- src/security/security_manager.c | 2 +- src/security/security_selinux.c | 24 ++++++++++-------------- src/util/virseclabel.c | 2 ++ src/util/virseclabel.h | 2 +- 7 files changed, 36 insertions(+), 38 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index fa76eb427c..8384b5d434 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -4576,9 +4576,9 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p != NULL) { if (STREQ(p, "yes")) { - def->norelabel = false; + def->relabel = true; } else if (STREQ(p, "no")) { - def->norelabel = true; + def->relabel = false; } else { virReportError(VIR_ERR_XML_ERROR, _("invalid security relabel value %s"), p); @@ -4587,13 +4587,13 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, } VIR_FREE(p); if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC && - def->norelabel) { + !def->relabel) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("dynamic label type must use resource relabeling")); goto error; } if (def->type == VIR_DOMAIN_SECLABEL_NONE && - !def->norelabel) { + def->relabel) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("resource relabeling is not compatible with 'none' label type")); goto error; 
@@ -4601,9 +4601,9 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, } else { if (def->type == VIR_DOMAIN_SECLABEL_STATIC || def->type == VIR_DOMAIN_SECLABEL_NONE) - def->norelabel = true; + def->relabel = false; else - def->norelabel = false; + def->relabel = true; } /* Always parse model */ @@ -4635,7 +4635,7 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, } /* Only parse imagelabel, if requested live XML with relabeling */ - if (!def->norelabel && + if (def->relabel && (!(flags & VIR_DOMAIN_XML_INACTIVE) && def->type != VIR_DOMAIN_SECLABEL_NONE)) { p = virXPathStringLimit("string(./imagelabel[1])", @@ -4793,7 +4793,7 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn, } /* Can't use overrides if top-level doesn't allow relabeling. */ - if (vmDef && vmDef->norelabel) { + if (vmDef && !vmDef->relabel) { virReportError(VIR_ERR_XML_ERROR, "%s", _("label overrides require relabeling to be " "enabled at the domain level")); @@ -14708,14 +14708,14 @@ virSecurityLabelDefFormat(virBufferPtr buf, } virBufferAsprintf(buf, " relabel='%s'", - def->norelabel ? "no" : "yes"); + def->relabel ? "yes" : "no"); if (def->label || def->imagelabel || def->baselabel) { virBufferAddLit(buf, ">\n"); virBufferAdjustIndent(buf, 2); virBufferEscapeString(buf, "\n", def->label); - if (!def->norelabel) + if (def->relabel) virBufferEscapeString(buf, "%s\n", def->imagelabel); if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 1e2a38b0dd..9603c78255 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -281,7 +281,7 @@ reload_profile(virSecurityManagerPtr mgr, if (!secdef) return rc; - if (secdef->norelabel) + if (!secdef->relabel) return 0; if ((profile_name = get_profile_name(def)) == NULL) 
@@ -481,7 +481,7 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, if (!secdef) return -1; - if (secdef->norelabel) + if (!secdef->relabel) return 0; /* Reload the profile if stdin_path is specified. Note that @@ -718,7 +718,7 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, if (!(secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME))) return -1; - if (secdef->norelabel) + if (!secdef->relabel) return 0; if (secdef->imagelabel) { @@ -805,7 +805,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, if (!secdef) return -1; - if (secdef->norelabel) + if (!secdef->relabel) return 0; if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) @@ -904,7 +904,7 @@ AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, if (!secdef) return -1; - if (secdef->norelabel) + if (!secdef->relabel) return 0; return reload_profile(mgr, def, NULL, false); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 26cd615161..665cbc943d 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -307,7 +307,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr, return 0; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (secdef && secdef->norelabel) + if (secdef && !secdef->relabel) return 0; disk_seclabel = virStorageSourceGetSecurityLabelDef(src, @@ -369,7 +369,7 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, return 0; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (secdef && secdef->norelabel) + if (secdef && !secdef->relabel) return 0; disk_seclabel = virStorageSourceGetSecurityLabelDef(src, 
@@ -477,7 +477,7 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, cbdata.manager = mgr; cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (cbdata.secdef && cbdata.secdef->norelabel) + if (cbdata.secdef && !cbdata.secdef->relabel) return 0; switch ((virDomainHostdevSubsysType) dev->source.subsys.type) { @@ -601,7 +601,7 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (!priv->dynamicOwnership || (secdef && secdef->norelabel)) + if (!priv->dynamicOwnership || (secdef && !secdef->relabel)) return 0; if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) @@ -881,7 +881,7 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (!priv->dynamicOwnership || (secdef && secdef->norelabel)) + if (!priv->dynamicOwnership || (secdef && !secdef->relabel)) return 0; VIR_DEBUG("Restoring security label on %s migrated=%d", @@ -955,7 +955,7 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (!priv->dynamicOwnership || (secdef && secdef->norelabel)) + if (!priv->dynamicOwnership || (secdef && !secdef->relabel)) return 0; for (i = 0; i < def->ndisks; i++) { @@ -1157,7 +1157,7 @@ virSecurityDACGenLabel(virSecurityManagerPtr mgr, return rc; } - if (!seclabel->norelabel && !seclabel->imagelabel && + if (seclabel->relabel && !seclabel->imagelabel && VIR_STRDUP(seclabel->imagelabel, seclabel->label) < 0) { VIR_FREE(seclabel->label); return rc; diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 16bec5c2b4..8a45e04958 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c 
@@ -616,7 +616,7 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr, seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC; } else { seclabel->type = VIR_DOMAIN_SECLABEL_NONE; - seclabel->norelabel = true; + seclabel->relabel = false; } } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index e06c003fee..8d4a9aa125 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1130,7 +1130,7 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, disk_seclabel = virStorageSourceGetSecurityLabelDef(src, SECURITY_SELINUX_NAME); - if (seclabel->norelabel || (disk_seclabel && disk_seclabel->norelabel)) + if (!seclabel->relabel || (disk_seclabel && disk_seclabel->norelabel)) return 0; /* If labelskip is true and there are no backing files, then we @@ -1202,7 +1202,7 @@ virSecuritySELinuxSetSecurityImageLabelInternal(virSecurityManagerPtr mgr, return 0; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || secdef->norelabel) + if (!secdef || !secdef->relabel) return 0; disk_seclabel = virStorageSourceGetSecurityLabelDef(src, @@ -1456,7 +1456,7 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || secdef->norelabel) + if (!secdef || !secdef->relabel) return 0; switch (dev->mode) { @@ -1641,7 +1641,7 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || secdef->norelabel) + if (!secdef || !secdef->relabel) return 0; switch (dev->mode) { 
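Review bot: In the virSecuritySELinuxRestoreSecurityImageLabelInt hunk of security_selinux.c, the rewritten guard mixes polarities: `!seclabel->relabel || (disk_seclabel && disk_seclabel->norelabel)`. Only the domain-level field is renamed here; the per-disk label returned by virStorageSourceGetSecurityLabelDef (presumably a separate device-label struct) still carries `norelabel`. A misplaced `!` on either operand in a later edit would skip restoring a label, or restore one the disk configuration asked to leave alone. Until the device-level field is renamed as well, a comment above the condition would help, such as `/* domain label uses 'relabel'; per-disk label still uses 'norelabel' */`. The function body starts and ends outside the hunk.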
@@ -1670,7 +1670,7 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def, int ret = -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!seclabel || seclabel->norelabel) + if (!seclabel || !seclabel->relabel) return 0; if (dev) @@ -1741,7 +1741,7 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr, int ret = -1; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!seclabel || seclabel->norelabel) + if (!seclabel || !seclabel->relabel) return 0; if (dev) @@ -1866,10 +1866,8 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr, VIR_DEBUG("Restoring security label on %s", def->name); secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return 0; - if (secdef->norelabel || data->skipAllLabel) + if (!secdef || !secdef->relabel || data->skipAllLabel) return 0; if (def->tpm) { @@ -1956,7 +1954,7 @@ virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || secdef->norelabel) + if (!secdef || !secdef->relabel) return 0; return virSecuritySELinuxSetFilecon(savefile, secdef->imagelabel); @@ -1971,7 +1969,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || secdef->norelabel) + if (!secdef || !secdef->relabel) return 0; return virSecuritySELinuxRestoreSecurityFileLabel(mgr, savefile); @@ -2245,10 +2243,8 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr secdef; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (secdef == NULL) - return 0; - if (secdef->norelabel || data->skipAllLabel) + if (!secdef || !secdef->relabel || data->skipAllLabel) return 0; for (i = 0; i < def->ndisks; i++) { 
diff --git a/src/util/virseclabel.c b/src/util/virseclabel.c index 8f07de39b7..9b209c0a32 100644 --- a/src/util/virseclabel.c +++ b/src/util/virseclabel.c @@ -64,6 +64,8 @@ virSecurityLabelDefNew(const char *model) seclabel = NULL; } + seclabel->relabel = true; + return seclabel; } diff --git a/src/util/virseclabel.h b/src/util/virseclabel.h index b90d212d7d..c164c48cec 100644 --- a/src/util/virseclabel.h +++ b/src/util/virseclabel.h @@ -40,7 +40,7 @@ struct _virSecurityLabelDef { char *imagelabel; /* security image label string */ char *baselabel; /* base name of label string */ int type; /* virDomainSeclabelType */ - bool norelabel; + bool relabel; /* true (default) for allowing relabels */ bool implicit; /* true if seclabel is auto-added */ }; -- GitLab
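Review bot: The added `seclabel->relabel = true;` in virSecurityLabelDefNew sits after the branch that ends with `seclabel = NULL; }`, so it runs even when that branch was taken. If that is the allocation-failure path, as it appears to be, the function now dereferences a NULL pointer instead of returning NULL to the caller. The assignment should only execute on success, for example `if (seclabel) seclabel->relabel = true;`, or the failure branch should return early. The start of the function is outside the hunk, so the exact failure condition is inferred from the visible lines.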
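Review bot: The new comment `true (default) for allowing relabels` in struct _virSecurityLabelDef overstates the default. The zero value of the field now means "do not relabel", and `true` is only established by the assignment added to virSecurityLabelDefNew. Before the rename a zero-initialised struct meant relabeling was enabled, so any definition allocated or cleared without going through virSecurityLabelDefNew would now silently skip labeling. No such path is visible in this patch, so it needs checking. I would word the comment as `bool relabel; /* true if resources may be relabeled; set by virSecurityLabelDefNew(), zero-init means no relabeling */`.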