Re: [libvirt] [PATCH] conf: Fix parsing of seclabels without model
On 08/30/2012 06:42 PM, Jiri Denemark wrote:
But this seems wrong. The only case when model can be missing is when there
is just one seclabel defined and either type is none or type is dynamic,
baselabel is not defined and INACTIVE flags is set. This is the only case in
which we need to guess what model was used and we should be able to just use
the first secModel for that. That is the code is not incorrect but relaxes
the requirements too much. We should require model to be present in all
cases except for the one case needed for backward compatibility.
Ok, no problem. I'll provide a new version of this patch that is more
restricted when assigning a model and another patch suppressing seclabel
for DAC when it is not explicitly defined for a guest.
Jirka