[libvirt] [PATCH 1/2] seclabel: Do not output relabel attribute for type 'none'

Security label type 'none' requires relabel to be set to 'no' so there's no reason to output this extra attribute. Moreover, since relabel is internally stored in a negative from (norelabel), the default value for relabel would be 'yes' in case there is no <seclabel> element in domain configuration. In case VIR_DOMAIN_SECLABEL_DEFAULT turns into VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for seclabel type 'none'. --- src/conf/domain_conf.c | 9 +++++---- .../qemuxml2argv-seclabel-none.xml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6949ece..81836e5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9948,16 +9948,17 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def) virBufferAsprintf(buf, "<seclabel type='%s'", sectype); - virBufferEscapeString(buf, " model='%s'", def->model); - - virBufferAsprintf(buf, " relabel='%s'", - def->norelabel ? "no" : "yes"); if (def->type == VIR_DOMAIN_SECLABEL_NONE) { virBufferAddLit(buf, "/>\n"); return; } + virBufferEscapeString(buf, " model='%s'", def->model); + + virBufferAsprintf(buf, " relabel='%s'", + def->norelabel ? "no" : "yes"); + if (def->label || def->imagelabel || def->baselabel) { virBufferAddLit(buf, ">\n"); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml index 1ef97ce..9def692 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml @@ -22,5 +22,5 @@ <controller type='ide' index='0'/> <memballoon model='virtio'/> </devices> - <seclabel type='none' relabel='no'/> + <seclabel type='none'/> </domain> -- 1.7.8.4