conf: Fix even implicit labels
https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8 There are two ways in which security model can make it way into <seclabel/>. One is as the @model attribute, the second one is via security_driver knob in qemu.conf. Then, while parsing <seclabel/> several checks and fix ups of old, stale combinations are performed. However, iff @model is specified. They are not done in the latter case. So it's still possible to feed libvirt with senseless combinations (if qemu.conf is adjusted correctly). One example of a seclabel that needs some adjustment (in case security_driver=none in qemu.conf) is: <seclabel type='dynamic' relabel='yes'/> The fixup code is copied from virSecurityLabelDefParseXML (covering the former case) into virSecurityLabelDefsParseXML (which handles the latter case). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Showing
想要评论请 注册 或 登录