Before we generate a security label (security driver with dynamic
labeling) for a domain, we first check the validity of the domain's
security model. We should check the devices' security models as well,
so it might be better to move this chunk of code into a separate function
that checks both the domain's security model and the devices' security models.
This function would of course be called right before we try to generate
a security label in qemuProcessStart/qemuProcessAttach.
---
src/security/security_manager.c | 20 +-------------------
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 302f54d..000bc82 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
{
int ret = -1;
- size_t i, j;
+ size_t i;
virSecurityManagerPtr* sec_managers = NULL;
virSecurityLabelDefPtr seclabel;
bool generated = false;
- if (mgr == NULL || mgr->drv == NULL)
- return ret;
-
if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
return ret;
virObjectLock(mgr);
- for (i = 0; i < vm->nseclabels; i++) {
- if (!vm->seclabels[i]->model)
- continue;
-
- for (j = 0; sec_managers[j]; j++)
- if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
- break;
-
- if (!sec_managers[j]) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Unable to find security driver for label %s"),
- vm->seclabels[i]->model);
- goto cleanup;
- }
- }
for (i = 0; sec_managers[i]; i++) {
generated = false;
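Review bot: With the `mgr == NULL || mgr->drv == NULL` guard removed, `virSecurityManagerGetNested(mgr)` and `virObjectLock(mgr)` are reached with no check on `mgr` in this function. The loop that rejected a seclabel model with no matching driver (`VIR_ERR_CONFIG_UNSUPPORTED`) is also gone, and this patch adds no replacement (1 insertion, 19 deletions). The description says the check moves to a helper called from qemuProcessStart/qemuProcessAttach, but any other caller of virSecurityManagerGenLabel (none are visible here) would then proceed for a domain whose requested security model matches no loaded driver, presumably leaving that label ungenerated without an error. I would keep `if (mgr == NULL || mgr->drv == NULL) return ret;` and land the new validation helper earlier in the same series. Failing that, state the precondition on the function, e.g. `/* Caller must already have validated vm->seclabels[]->model against the nested managers. */`. The function's signature starts before the hunk and its body continues past it.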
--
1.9.3