Instead of using the virCapsPtr to get the default security model,
pass this in via the parser config.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/conf/domain_conf.c | 14 +++++++-------
src/conf/domain_conf.h | 1 +
src/qemu/qemu_conf.c | 4 +++-
src/qemu/qemu_conf.h | 3 ++-
src/qemu/qemu_driver.c | 11 ++++++++++-
tests/testutilsqemu.c | 2 +-
6 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f037702ac2..8acc91de74 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8911,13 +8911,12 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
static int
virSecurityLabelDefsParseXML(virDomainDefPtr def,
xmlXPathContextPtr ctxt,
- virCapsPtr caps,
+ virDomainXMLOptionPtr xmlopt,
unsigned int flags)
{
VIR_XPATH_NODE_AUTORESTORE(ctxt);
size_t i = 0, j;
int n;
- virCapsHostPtr host = &caps->host;
g_autofree xmlNodePtr *list = NULL;
/* Allocate a security labels based on XML */
@@ -8960,15 +8959,16 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
*/
if (def->nseclabels == 1 &&
!def->seclabels[0]->model &&
- host->nsecModels > 0) {
+ xmlopt != NULL &&
+ xmlopt->config.defSecModel != NULL) {
if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
(def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
!def->seclabels[0]->baselabel &&
(flags & VIR_DOMAIN_DEF_PARSE_INACTIVE))) {
/* Copy model from host. */
VIR_DEBUG("Found seclabel without a model, using '%s'",
- host->secModels[0].model);
- def->seclabels[0]->model = g_strdup(host->secModels[0].model);
+ xmlopt->config.defSecModel);
+ def->seclabels[0]->model = g_strdup(xmlopt->config.defSecModel);
if (STREQ(def->seclabels[0]->model, "none") &&
flags & VIR_DOMAIN_DEF_PARSE_INACTIVE) {
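Review bot: With the new condition, a lone seclabel that has no model silently stays without one whenever `xmlopt` is NULL or `config.defSecModel` is unset. Only the QEMU driver sets `defSecModel` in this patch, so any other driver whose parser used to pick up `caps->host.secModels[0]` would presumably stop applying the default model; this is worth confirming for every caller of the domain parser. The comment inside the branch is also stale and could become `/* Copy default model from the parser config. */`. The function body starts and continues outside this hunk.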
@@ -19733,7 +19733,7 @@ virDomainMemorytuneDefParse(virDomainDefPtr def,
static virDomainDefPtr
virDomainDefParseXML(xmlDocPtr xml,
xmlXPathContextPtr ctxt,
- virCapsPtr caps,
+ virCapsPtr caps G_GNUC_UNUSED,
virDomainXMLOptionPtr xmlopt,
unsigned int flags)
{
@@ -19841,7 +19841,7 @@ virDomainDefParseXML(xmlDocPtr xml,
/* analysis of security label, done early even though we format it
* late, so devices can refer to this for defaults */
if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL)) {
- if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
+ if (virSecurityLabelDefsParseXML(def, ctxt, xmlopt, flags) == -1)
goto error;
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e85d3bd5b5..af57e288e9 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2707,6 +2707,7 @@ struct _virDomainDefParserConfig {
unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN];
virArch defArch;
const char *netPrefix;
+ const char *defSecModel;
};
typedef void *(*virDomainXMLPrivateDataAllocFunc)(void *);
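Review bot: The new `defSecModel` field is a borrowed pointer with no stated lifetime. `virQEMUDriverCreateXMLConf` in qemu_conf.c stores the caller's pointer as-is, and in qemu_driver.c that pointer comes from `qemuSecurityGetModel()`, so the string presumably has to stay valid for as long as the xmlopt object is used by the parser. I would document that on the field, e.g. `/* default security model name; not copied, must outlive the xmlopt */`. If that lifetime is not guaranteed, the string should be duplicated where the config is taken over. The struct definition starts outside this hunk.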
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 53658c80e8..053bcc7e02 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1191,9 +1191,11 @@ virQEMUDriverIsPrivileged(virQEMUDriverPtr driver)
}
virDomainXMLOptionPtr
-virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver)
+virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
+ const char *defsecmodel)
{
virQEMUDriverDomainDefParserConfig.priv = driver;
+ virQEMUDriverDomainDefParserConfig.defSecModel = defsecmodel;
return virDomainXMLOptionNew(&virQEMUDriverDomainDefParserConfig,
&virQEMUDriverPrivateDataCallbacks,
&virQEMUDriverDomainXMLNamespace,
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7c56226b8c..8b6c2a95d4 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -366,7 +366,8 @@ int qemuRemoveSharedDisk(virQEMUDriverPtr driver,
int qemuSetUnprivSGIO(virDomainDeviceDefPtr dev);
int qemuDriverAllocateID(virQEMUDriverPtr driver);
-virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver);
+virDomainXMLOptionPtr virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
+ const char *defsecmodel);
int qemuTranslateSnapshotDiskSourcePool(virDomainSnapshotDiskDefPtr def);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 891ca28d94..93a92dad36 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -656,6 +656,8 @@ qemuStateInitialize(bool privileged,
g_autofree char *memoryBackingPath = NULL;
bool autostart = true;
size_t i;
+ const char *defsecmodel = NULL;
+ g_autofree virSecurityManagerPtr *sec_managers = NULL;
if (VIR_ALLOC(qemu_driver) < 0)
return VIR_DRV_STATE_INIT_ERROR;
@@ -916,7 +918,14 @@ qemuStateInitialize(bool privileged,
if ((qemu_driver->caps = virQEMUDriverCreateCapabilities(qemu_driver)) == NULL)
goto error;
- if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver)))
+ if (!(sec_managers = qemuSecurityGetNested(qemu_driver->securityManager)))
+ goto error;
+
+ if (sec_managers[0] != NULL)
+ defsecmodel = qemuSecurityGetModel(sec_managers[0]);
+
+ if (!(qemu_driver->xmlopt = virQEMUDriverCreateXMLConf(qemu_driver,
+ defsecmodel)))
goto error;
/* If hugetlbfs is present, then we need to create a sub-directory within
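Review bot: The choice of `sec_managers[0]` as the source of the default model is unexplained, and the result of `qemuSecurityGetModel()` is passed on unchecked. If the list is empty or the call returns NULL, `defsecmodel` stays NULL and the parser simply skips defaulting, which may be intended but is not visible here. A short comment would help, for example `/* first nested manager supplies the default model for seclabels without one; NULL disables defaulting */`, assuming that matches the ordering `qemuSecurityGetNested()` guarantees. `qemuStateInitialize` starts and ends outside this hunk.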
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 0ca690a1ed..c24b3098a5 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -402,7 +402,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
if (!driver->qemuCapsCache)
goto error;
- driver->xmlopt = virQEMUDriverCreateXMLConf(driver);
+ driver->xmlopt = virQEMUDriverCreateXMLConf(driver, "none");
if (!driver->xmlopt)
goto error;
--
2.23.0