[libvirt] [PATCH 3/3] conf: Disallow <seclabel type='none' relabel='yes'/>

Wednesday, 9 July 2014

https://bugzilla.redhat.com/show_bug.cgi?id=1113860

The combination of type='none' and relabel='yes' makes no sense as
'none' type basically means relabel='no'.

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt;
---
 src/conf/domain_conf.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f75c0cb..4215565 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4614,8 +4614,14 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
     /* For the model 'none' none of the following labels is going to be
      * present. Hence, return now. */
 
-    if (STREQ_NULLABLE(def->model, "none"))
+    if (STREQ_NULLABLE(def->model, "none")) {
+        if (def->relabel) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("model 'none' does not allow
relabeling"));
+            goto error;
+        }
         return def;
+    }
 
     /* Only parse label, if using static labels, or
      * if the 'live' VM XML is requested
-- 
1.8.5.5


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH 3/3] conf: Disallow <seclabel type='none' relabel='yes'/>