Re: [libvirt] [PATCH v2 1/2] security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef
On Thu, Mar 21, 2013 at 04:35:10PM +0100, Michal Privoznik wrote:
The virDomainDefGetSecurityLabelDef was modifying the domain XML.
It tried to find a seclabel corresponding to given sec driver. If the
label wasn't found, the function created one which is wrong. In fact
it's security manager which should modify this part of domain XML.
---
src/conf/domain_conf.c | 56 +++++++++++------------------------------
src/conf/domain_conf.h | 7 ++++--
src/libvirt_private.syms | 1 -
src/security/security_manager.c | 40 ++++++++++++++++++++---------
src/security/security_selinux.c | 8 ++++--
5 files changed, 53 insertions(+), 59 deletions(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a750a1f..2540bca 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2297,10 +2297,13 @@ virSecurityDeviceLabelDefPtr
virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
virSecurityLabelDefPtr
-virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
+virDomainDefGenSecurityLabelDef(const char *model);
virSecurityDeviceLabelDefPtr
-virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
+virDomainDiskDefGenSecurityLabelDef(const char *model);
+
+void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
+void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
typedef const char* (*virEventActionToStringFunc)(int type);
typedef int (*virEventActionFromStringFunc)(const char *type);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 21bc615..e8085a9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -108,7 +108,6 @@ virDomainControllerTypeToString;
virDomainCpuPlacementModeTypeFromString;
virDomainCpuPlacementModeTypeToString;
virDomainDefAddImplicitControllers;
-virDomainDefAddSecurityLabelDef;
virDomainDefCheckABIStability;
virDomainDefClearCCWAddresses;
virDomainDefClearDeviceAliases;
2 APIs renamed + 2 APIs added in the header, but only one
delete here. I'd expect 6 changes in this file - 2 deletes
and 4 additions.
ACK if you fix that.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|