Re: [libvirt] [PATCH v2 0/4] Couple of seclabels improvements
On 07/10/2014 10:04 AM, Michal Privoznik wrote:
diff to v1:
- rework the 3rd patch
- introduce one more bugfix
Michal Privoznik (4):
virSecurityLabelDef: substitute 'norelabel' with 'relabel'
virSecurityDeviceLabelDef: substitute 'norelabel' with 'relabel'
conf: Always format seclabel's model
conf: Don't allow multiple seclabels for same model
src/conf/domain_conf.c | 67 ++++++++++++----------
src/security/security_apparmor.c | 10 ++--
src/security/security_dac.c | 22 +++----
src/security/security_manager.c | 2 +-
src/security/security_selinux.c | 32 +++++------
src/util/virseclabel.c | 2 +-
src/util/virseclabel.h | 4 +-
.../qemuxml2argv-seclabel-dynamic-none.xml | 28 +++++++++
.../qemuxml2argv-seclabel-multiple.xml | 40 +++++++++++++
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmltest.c | 1 +
11 files changed, 142 insertions(+), 67 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-multiple.xml
There's a Coverity issue from these patches - it looks like perhaps
patch 1&2 were combined when submitted into commit id '13adf1b' which has:
virSecurityLabelDefPtr
virSecurityLabelDefNew(const char *model)
{
virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityLabelDefFree(seclabel);
seclabel = NULL;
}
+ seclabel->relabel = true;
+
return seclabel;
}
See the problem at all? It's a FORWARD_NULL on 'seclabel'.
John