On 01/12/2011 10:23 AM, Cole Robinson wrote:
Make the SecurityManager explicitly handle the case when seclabel model='none'.
Signed-off-by: Cole Robinson <crobinso@redhat.com> --- src/security/security_manager.c | 90 +++++++++++++------- .../qemuxml2xml-seclabel-model-none-in.xml | 21 +++++ .../qemuxml2xml-seclabel-model-none-out.xml | 21 +++++ tests/qemuxml2xmltest.c | 1 + 4 files changed, 101 insertions(+), 32 deletions(-) create mode 100644 tests/qemuxml2xmldata/qemuxml2xml-seclabel-model-none-in.xml create mode 100644 tests/qemuxml2xmldata/qemuxml2xml-seclabel-model-none-out.xml
I agree with Daniel's NACK to this patch - when security is enabled globally, allowing just one rogue domain can invalidate all others. And when security is not enabled, <seclabel> is an illusion not aided by an XML marking. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org