Re: [libvirt] [PATCH 2/3] Allow for resource relabelling with static labels
On 06/27/2011 06:20 AM, Daniel P. Berrange wrote:
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.
<seclabel model='selinux' type='static' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c392,c662</label>
</seclabel>
* docs/schemas/domain.rng: Add relabel attribute
Missing docs/formatdomain.html.in counterpart.
+++ b/src/conf/domain_conf.c
@@ -5072,6 +5072,30 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
"%s", _("invalid security type"));
goto error;
}
+ p = virXPathStringLimit("string(./seclabel/@relabel)",
+ VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
+ if (p != NULL) {
+ if (STREQ(p, "yes")) {
+ def->seclabel.relabel = true;
+ } else if (STREQ(p, "no")) {
+ def->seclabel.relabel = false;
+ } else {
+ virDomainReportError(VIR_ERR_XML_ERROR,
+ _("invalid security relabel value %s"), p);
+ goto error;
+ }
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabel.relabel) {
+ virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("dynamic label type must use
resource relabelling"));
s/relabelling/relabeling/ since user-visible messages should prefer US
spelling (double-l is UK spelling). A proper en_UK locale .po file
would then get the UK spelling (do we have one of those?).
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)