4:32 a.m.
Instead of allocating the virSecurityLabelDef structure ourselves, we
can utilize virSecurityLabelDefNew which even sets the default values
for us.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/conf/domain_conf.c | 103 ++++++++++++++++++++++++-------------------------
1 file changed, 50 insertions(+), 53 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 7b90903..de60cd2 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4553,91 +4553,87 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
unsigned int flags)
{
char *p;
- virSecurityLabelDefPtr def = NULL;
+ virSecurityLabelDefPtr seclabel = NULL;
- if (VIR_ALLOC(def) < 0)
+ p = virXPathStringLimit("string(./@model)",
+ VIR_SECURITY_MODEL_BUFLEN - 1, ctxt);
+
+ if (!(seclabel = virSecurityLabelDefNew(p)))
goto error;
+ /* set seclabelault value */
+ seclabel->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
+
p = virXPathStringLimit("string(./@type)",
- VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL) {
- def->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
- } else {
- def->type = virDomainSeclabelTypeFromString(p);
- VIR_FREE(p);
- if (def->type <= 0) {
+ VIR_SECURITY_LABEL_BUFLEN - 1, ctxt);
+ if (p) {
+ seclabel->type = virDomainSeclabelTypeFromString(p);
+ if (seclabel->type <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("invalid security type"));
+ _("invalid security type '%s'"), p);
goto error;
}
}
+ if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
+ seclabel->type == VIR_DOMAIN_SECLABEL_NONE)
+ seclabel->relabel = false;
+
+ VIR_FREE(p);
p = virXPathStringLimit("string(./@relabel)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p != NULL) {
+ if (p) {
if (STREQ(p, "yes")) {
- def->relabel = true;
+ seclabel->relabel = true;
} else if (STREQ(p, "no")) {
- def->relabel = false;
+ seclabel->relabel = false;
} else {
virReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"), p);
- VIR_FREE(p);
goto error;
}
- VIR_FREE(p);
- if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- !def->relabel) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("dynamic label type must use resource
relabeling"));
- goto error;
- }
- if (def->type == VIR_DOMAIN_SECLABEL_NONE &&
- def->relabel) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("resource relabeling is not compatible
with 'none' label type"));
- goto error;
- }
- } else {
- if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
- def->type == VIR_DOMAIN_SECLABEL_NONE)
- def->relabel = false;
- else
- def->relabel = true;
}
- /* Always parse model */
- p = virXPathStringLimit("string(./@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- def->model = p;
+ if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !seclabel->relabel) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("dynamic label type must use resource
relabeling"));
+ goto error;
+ }
+ if (seclabel->type == VIR_DOMAIN_SECLABEL_NONE &&
+ seclabel->relabel) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("resource relabeling is not compatible with
'none' label type"));
+ goto error;
+ }
/* For the model 'none' none of the following labels is going to be
* present. Hence, return now. */
- if (STREQ_NULLABLE(def->model, "none")) {
+ if (STREQ_NULLABLE(seclabel->model, "none")) {
if (flags & VIR_DOMAIN_XML_INACTIVE) {
/* Fix older configurations */
- def->type = VIR_DOMAIN_SECLABEL_NONE;
- def->relabel = false;
+ seclabel->type = VIR_DOMAIN_SECLABEL_NONE;
+ seclabel->relabel = false;
} else {
- if (def->type != VIR_DOMAIN_SECLABEL_NONE) {
+ if (seclabel->type != VIR_DOMAIN_SECLABEL_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported type='%s' to model
'none'"),
- virDomainSeclabelTypeToString(def->type));
+ virDomainSeclabelTypeToString(seclabel->type));
goto error;
}
/* combination of relabel='yes' and type='static'
* is checked a few lines above. */
}
- return def;
+ return seclabel;
}
/* Only parse label, if using static labels, or
* if the 'live' VM XML is requested
*/
- if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
+ if (seclabel->type == VIR_DOMAIN_SECLABEL_STATIC ||
(!(flags & VIR_DOMAIN_XML_INACTIVE) &&
- def->type != VIR_DOMAIN_SECLABEL_NONE)) {
+ seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
p = virXPathStringLimit("string(./label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) {
@@ -4646,13 +4642,13 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
goto error;
}
- def->label = p;
+ seclabel->label = p;
}
/* Only parse imagelabel, if requested live XML with relabeling */
- if (def->relabel &&
+ if (seclabel->relabel &&
(!(flags & VIR_DOMAIN_XML_INACTIVE) &&
- def->type != VIR_DOMAIN_SECLABEL_NONE)) {
+ seclabel->type != VIR_DOMAIN_SECLABEL_NONE)) {
p = virXPathStringLimit("string(./imagelabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) {
@@ -4660,20 +4656,21 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
"%s", _("security imagelabel is
missing"));
goto error;
}
- def->imagelabel = p;
+ seclabel->imagelabel = p;
}
/* Only parse baselabel for dynamic label type */
- if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+ if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
p = virXPathStringLimit("string(./baselabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- def->baselabel = p;
+ seclabel->baselabel = p;
}
- return def;
+ return seclabel;
error:
- virSecurityLabelDefFree(def);
+ VIR_FREE(p);
+ virSecurityLabelDefFree(seclabel);
return NULL;
}
--
1.8.5.5