On 06/27/2011 06:20 AM, Daniel P. Berrange wrote:
Add a new attribute to the <seclabel> XML to allow resource relabelling to be enabled with static label usage.
<seclabel model='selinux' type='static' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c392,c662</label> </seclabel>
* docs/schemas/domain.rng: Add relabel attribute
Missing docs/formatdomain.html.in counterpart.
+++ b/src/conf/domain_conf.c @@ -5072,6 +5072,30 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("invalid security type")); goto error; } + p = virXPathStringLimit("string(./seclabel/@relabel)", + VIR_SECURITY_LABEL_BUFLEN-1, ctxt); + if (p != NULL) { + if (STREQ(p, "yes")) { + def->seclabel.relabel = true; + } else if (STREQ(p, "no")) { + def->seclabel.relabel = false; + } else { + virDomainReportError(VIR_ERR_XML_ERROR, + _("invalid security relabel value %s"), p); + goto error; + } + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + !def->seclabel.relabel) { + virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, + "%s", _("dynamic label type must use resource relabelling"));
s/relabelling/relabeling/ since user-visible messages should prefer US spelling (double-l is UK spelling). A proper en_UK locale .po file would then get the UK spelling (do we have one of those?). -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org