On 09/04/2014 03:24 AM, Michal Privoznik wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8
>
> There are two ways in which security model can make its way into
> <seclabel/>. One is as the @model attribute, the second one is
> via security_driver knob in qemu.conf. Then, while parsing
> <seclabel/> several checks and fix ups of old, stale combinations
> are performed. However, iff @model is specified. They are not
> done in the latter case. So it's still possible to feed libvirt
> with senseless combinations (if qemu.conf is adjusted correctly).

A design choice that keeps on giving...
maybe someday we'll be bug-free on all possible label scenarios.

> One example of a seclabel that needs some adjustment (in case
> security_driver=none in qemu.conf) is:
>
> <seclabel type='dynamic' relabel='yes'/>
>
> The fixup code is copied from virSecurityLabelDefParseXML
> (covering the former case) into virSecurityLabelDefsParseXML
> (which handles the latter case).
>
> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> ---
> src/conf/domain_conf.c | 7 +++++++
> 1 file changed, 7 insertions(+)

ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org