seclabel: fix regression in libvirtd restart

Commit b4343293 has a logic bug: seclabel overrides don't set def->type, but the default value is 0 (aka static). Restarting libvirtd would thus reject the XML for any domain with an override of <seclabel relabel='no'/> (which happens quite easily if a disk image lives on NFS), with a message: 2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing Fix the logic to never read from an override's def->type, and to allow a missing <label> subelement when relabel is no. There's a lot of stupid double-negatives in the code (!norelabel) because of the way that we want the zero-initialized defaults to behave. * src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use type field from correct location.

seclabel: fix regression in libvirtd restart
Commit b4343293 has a logic bug: seclabel overrides don't set def->type, but the default value is 0 (aka static). Restarting libvirtd would thus reject the XML for any domain with an override of <seclabel relabel='no'/> (which happens quite easily if a disk image lives on NFS), with a message: 2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing Fix the logic to never read from an override's def->type, and to allow a missing <label> subelement when relabel is no. There's a lot of stupid double-negatives in the code (!norelabel) because of the way that we want the zero-initialized defaults to behave. * src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use type field from correct location.
302fe95f · Eric Blake · Daniel Veillard · db371a21 · 302fe95f
隐藏空白更改
内联并排

Showing with 9 addition and 7 deletion

src/conf/domain_conf.c src/conf/domain_conf.c +9 -7

未找到文件。
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
 /*
 * domain_conf.c: domain XML processing
 *
- * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
 * Copyright (C) 2006-2008 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -2541,6 +2541,7 @@ virSecurityLabelDefParseXMLHelper(virSecurityLabelDefPtr def,
    char *p;
    xmlNodePtr save_ctxt = ctxt->node;
    int ret = -1;
+    int type = default_seclabel ? default_seclabel->type : def->type;
    ctxt->node = node;
@@ -2567,14 +2568,15 @@ virSecurityLabelDefParseXMLHelper(virSecurityLabelDefPtr def,
        }
        VIR_FREE(p);
        if (!default_seclabel &&
-            def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+            type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
            def->norelabel) {
-            virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+            virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                 "%s", _("dynamic label type must use resource relabeling"));
+                                 _("dynamic label type must use resource "
+                                   "relabeling"));
            goto cleanup;
        }
    } else {
-        if (!default_seclabel &&  def->type == VIR_DOMAIN_SECLABEL_STATIC)
+        if (!default_seclabel && type == VIR_DOMAIN_SECLABEL_STATIC)
            def->norelabel = true;
        else
            def->norelabel = false;
@@ -2583,12 +2585,12 @@ virSecurityLabelDefParseXMLHelper(virSecurityLabelDefPtr def,
    /* Only parse label, if using static labels, or
     * if the 'live' VM XML is requested, or if this is a device override
     */
-    if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
+    if (type == VIR_DOMAIN_SECLABEL_STATIC ||
        !(flags & VIR_DOMAIN_XML_INACTIVE) ||
        (default_seclabel && !def->norelabel)) {
        p = virXPathStringLimit("string(./label[1])",
                                VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
-        if (p == NULL) {
+        if (p == NULL && !(default_seclabel && def->norelabel)) {
            virDomainReportError(VIR_ERR_XML_ERROR,
                                 "%s", _("security label is missing"));
            goto cleanup;