Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 da78351b 编写于 作者: M Michal Privoznik
浏览文件
操作

virSecurityLabelDefParseXML: Rework 

Instead of allocating the virSecurityLabelDef structure ourselves, we
can utilize virSecurityLabelDefNew which even sets the default values
for us.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
上级 99c8d2e8
隐藏空白更改
内联 并排
Showing with 50 addition and 53 deletion
src/conf/domain_conf.c
浏览文件 @ da78351b
...@@ -4553,91 +4553,87 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, ...@@ -4553,91 +4553,87 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
unsigned int flags) unsigned int flags)
{ {
char *p; char *p;
virSecurityLabelDefPtr def = NULL; virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(def) < 0) p = virXPathStringLimit("string(./@model)",
VIR_SECURITY_MODEL_BUFLEN - 1, ctxt);
if (!(seclabel = virSecurityLabelDefNew(p)))
goto error; goto error;
/* set default value */
seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
p = virXPathStringLimit("string(./@type)", p = virXPathStringLimit("string(./@type)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN - 1, ctxt);
if (p == NULL) { if (p) {
def->type = VIR_DOMAIN_SECLABEL_DYNAMIC; seclabel->type = virDomainSeclabelTypeFromString(p);
} else { if (seclabel->type <= 0) {
def->type = virDomainSeclabelTypeFromString(p);
VIR_FREE(p);
if (def->type <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("invalid security type")); _("invalid security type '%s'"), p);
goto error; goto error;
} }
} }
if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
seclabel->type == VIR_DOMAIN_SECLABEL_NONE)
seclabel->relabel = false;
VIR_FREE(p);
p = virXPathStringLimit("string(./@relabel)", p = virXPathStringLimit("string(./@relabel)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) { if (p) {
if (STREQ(p, "yes")) { if (STREQ(p, "yes")) {
def->relabel = true; seclabel->relabel = true;
} else if (STREQ(p, "no")) { } else if (STREQ(p, "no")) {
def->relabel = false; seclabel->relabel = false;
} else { } else {
virReportError(VIR_ERR_XML_ERROR, virReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"), p); _("invalid security relabel value %s"), p);
VIR_FREE(p);
goto error;
}
VIR_FREE(p);
if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
!def->relabel) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("dynamic label type must use resource relabeling"));
goto error; goto error;
} }
if (def->type == VIR_DOMAIN_SECLABEL_NONE &&
def->relabel) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("resource relabeling is not compatible with 'none' label type"));
goto error;
}
} else {
if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
def->type == VIR_DOMAIN_SECLABEL_NONE)
def->relabel = false;
else
def->relabel = true;
} }
/* Always parse model */ if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
p = virXPathStringLimit("string(./@model)", !seclabel->relabel) {
VIR_SECURITY_MODEL_BUFLEN-1, ctxt); virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
def->model = p; "%s", _("dynamic label type must use resource relabeling"));
goto error;
}
if (seclabel->type == VIR_DOMAIN_SECLABEL_NONE &&
seclabel->relabel) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("resource relabeling is not compatible with 'none' label type"));
goto error;
}
/* For the model 'none' none of the following labels is going to be /* For the model 'none' none of the following labels is going to be
* present. Hence, return now. */ * present. Hence, return now. */
if (STREQ_NULLABLE(def->model, "none")) { if (STREQ_NULLABLE(seclabel->model, "none")) {
if (flags & VIR_DOMAIN_XML_INACTIVE) { if (flags & VIR_DOMAIN_XML_INACTIVE) {
/* Fix older configurations */ /* Fix older configurations */
def->type = VIR_DOMAIN_SECLABEL_NONE; seclabel->type = VIR_DOMAIN_SECLABEL_NONE;
def->relabel = false; seclabel->relabel = false;
} else { } else {
if (def->type != VIR_DOMAIN_SECLABEL_NONE) { if (seclabel->type != VIR_DOMAIN_SECLABEL_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported type='%s' to model 'none'"), _("unsupported type='%s' to model 'none'"),
virDomainSeclabelTypeToString(def->type)); virDomainSeclabelTypeToString(seclabel->type));
goto error; goto error;
} }
/* combination of relabel='yes' and type='static' /* combination of relabel='yes' and type='static'
* is checked a few lines above. */ * is checked a few lines above. */
} }
return def; return seclabel;
} }
/* Only parse label, if using static labels, or /* Only parse label, if using static labels, or
* if the 'live' VM XML is requested * if the 'live' VM XML is requested
*/ */
if (def->type == VIR_DOMAIN_SECLABEL_STATIC || if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
(!(flags & VIR_DOMAIN_XML_INACTIVE) && (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) { seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
p = virXPathStringLimit("string(./label[1])", p = virXPathStringLimit("string(./label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) { if (p == NULL) {
...@@ -4646,13 +4642,13 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, ...@@ -4646,13 +4642,13 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
goto error; goto error;
} }
def->label = p; seclabel->label = p;
} }
/* Only parse imagelabel, if requested live XML with relabeling */ /* Only parse imagelabel, if requested live XML with relabeling */
if (def->relabel && if (seclabel->relabel &&
(!(flags & VIR_DOMAIN_XML_INACTIVE) && (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) { seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
p = virXPathStringLimit("string(./imagelabel[1])", p = virXPathStringLimit("string(./imagelabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) { if (p == NULL) {
...@@ -4660,20 +4656,21 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, ...@@ -4660,20 +4656,21 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
"%s", _("security imagelabel is missing")); "%s", _("security imagelabel is missing"));
goto error; goto error;
} }
def->imagelabel = p; seclabel->imagelabel = p;
} }
/* Only parse baselabel for dynamic label type */ /* Only parse baselabel for dynamic label type */
if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
p = virXPathStringLimit("string(./baselabel[1])", p = virXPathStringLimit("string(./baselabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt); VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
def->baselabel = p; seclabel->baselabel = p;
} }
return def; return seclabel;
error: error:
virSecurityLabelDefFree(def); VIR_FREE(p);
virSecurityLabelDefFree(seclabel);
return NULL; return NULL;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册