On 04/04/2013 03:37 PM, Osier Yang wrote:
"seclabels" is only valid for 'file' or
'block' type storage volume.
---
docs/formatdomain.html.in | 6 ++++--
docs/schemas/domaincommon.rng | 3 +++
src/conf/domain_conf.c | 20 ++++++++++++++------
.../qemuxml2argv-disk-source-pool.xml | 6 +++++-
4 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index ce185a9..44e7f28 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1439,11 +1439,13 @@
path to the file holding the disk. If the disk
<code>type</code> is "block", then the
<code>dev</code>
attribute specifies the path to the host device to serve as
- the disk. With both "file" and "block", one or more
optional
+ the disk. With "file", "block", and "volume", one
or more optional
sub-elements <code>seclabel</code>, <a
href="#seclabel">described
below</a> (and <span class="since">since
0.9.9</span>), can be
used to override the domain security labeling policy for just
- that source file. If the disk <code>type</code> is "dir",
then the
+ that source file. (NB, for "volume" type disk,
<code>seclable</code>
s/seclable/seclabel/
+ is only valid when the specified storage volume is of
'file' or
+ 'block' type). If the disk <code>type</code> is
"dir", then the
<code>dir</code> attribute specifies the fully-qualified path
to the directory to use as the disk. If the disk <code>type</code>
is "network", then the <code>protocol</code> attribute
specifies
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4e7e712..80749e1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1106,6 +1106,9 @@
<optional>
<ref name="startupPolicy"/>
</optional>
+ <optional>
+ <ref name='devSeclabel'/>
+ </optional>
</element>
</optional>
<ref name="diskspec"/>
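Review bot: The added `<optional>` wrapper lets the schema accept at most one `seclabel` under a volume `<source>`. The documentation hunk in this patch says "one or more optional sub-elements", and the formatter in domain_conf.c loops over `def->nseclabels`. A domain with two device labels, for example one per security model, would therefore be formatted by libvirt but rejected by its own RNG validation. Consider `<zeroOrMore><ref name='devSeclabel'/></zeroOrMore>` instead; how the other disk source types declare this is not visible here, so match whatever they use.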
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c1d2cbb..7f5e727 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12888,16 +12888,24 @@ virDomainDiskSourceDefFormat(virBufferPtr buf,
}
break;
case VIR_DOMAIN_DISK_TYPE_VOLUME:
- /* Parsing guarantees the def->srcpool->volume cannot be NULL
- * if def->srcpool->pool is not NULL.
- */
+ virBufferAddLit(buf, " <source");
+
if (def->srcpool)
- virBufferAsprintf(buf, " <source pool='%s'
volume='%s'",
+ virBufferAsprintf(buf, " pool='%s'
volume='%s'",
def->srcpool->pool,
def->srcpool->volume);
if (def->startupPolicy)
- virBufferEscapeString(buf, "
startupPolicy='%s'/>\n", startupPolicy);
- else
+ virBufferEscapeString(buf, " startupPolicy='%s'",
startupPolicy);
+
+ if (def->nseclabels) {
+ virBufferAddLit(buf, ">\n");
+ virBufferAdjustIndent(buf, 8);
+ for (n = 0; n < def->nseclabels; n++)
+ virSecurityDeviceLabelDefFormat(buf, def->seclabels[n]);
+ virBufferAdjustIndent(buf, -8);
+ virBufferAddLit(buf, " </source>\n");
+ } else {
virBufferAddLit(buf, "/>\n");
+ }
break;
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
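Review bot: In the VIR_DOMAIN_DISK_TYPE_VOLUME case, `pool` and `volume` are still emitted through `virBufferAsprintf`, which does no XML escaping, while `startupPolicy` right below goes through `virBufferEscapeString`. A pool or volume name containing `'`, `<` or `&` would produce malformed XML or extra attributes in the formatted domain XML, and with this change possibly child elements such as a `seclabel` that overrides labeling policy. Since the line is being rewritten anyway, use `virBufferEscapeString(buf, " pool='%s'", def->srcpool->pool);` and `virBufferEscapeString(buf, " volume='%s'", def->srcpool->volume);` under a braced `if (def->srcpool)`. Whether names are constrained at parse time is not visible in this hunk, so escaping at format time is the safe default. The function body starts and ends outside the hunk.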
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
index a218e78..acf9753 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
@@ -15,7 +15,11 @@
<devices>
<emulator>/usr/bin/qemu</emulator>
<disk type='volume' device='cdrom'>
- <source pool='blk-pool0' volume='blk-pool0-vol0'
startupPolicy='optional'/>
+ <source pool='blk-pool0' volume='blk-pool0-vol0'
startupPolicy='optional'>
+ <seclabel model='selinux' relabel='yes'>
+ <label>system_u:system_r:public_content_t:s0</label>
+ </seclabel>
+ </source>
<target dev='hda' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='0'
target='0' unit='1'/>
ACK, mechanically at least. Although unlike the startupPolicy code,
there isn't any seclabel parsing code here.
John