Re: [libvirt] [PATCH] conf: format runtime DAC seclabel, unless MIGRATABLE

On Sat, Apr 23, 2016 at 02:51:26PM -0400, Cole Robinson wrote: > We historically format runtime seclabel selinux/apparmor values, > however we skip formatting runtime DAC values. This was added in > > commit 990e46c4542349f838e001d30638872576c389e9 > Author: Marcelo Cerri <mhcerri(a)linux.vnet.ibm.com&gt; > Date: Fri Aug 31 13:40:41 2012 +0200 > > conf: Avoid formatting auto-generated DAC labels > > to maintain migration compatibility with libvirt < 0.10.0. > > However the formatting was skipped unconditionally. Instead only > skip formatting in the VIR_DOMAIN_DEF_FORMAT_MIGRATABLE case. > This all makes sense, but when I started tying it I've found it may still cause some problems. Probably. The problem is that I have no idea whether it's safer to use number or a name as the uid/gid. But since we have that parsing code in place and this patch is not about that, so we can deal with that later. ACK