On Tue, Mar 03, 2009 at 09:08:20AM -0500, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Feb 27, 2009 at 03:37:55PM -0500, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Another patch off latest repository.
This patch does not require the XML to include a label, although this is still supported.
Implemented most of the comments from Jim. make check and make syntax-check passes, Added seclabeltest.c to run in tests, Updated capability.rng, although not really sure I did it right.
This patch will generate random MCS Labels and relabels the image files to match. Seems to work well on F11.
I had a few problems with label generation on my F11 machine - perhaps you have a newer version of the patch than the one I applied.
I found I need the following additional patch..
- Make domainGenSecurityLabel() give diagnostics for each type of error instead of using generic error message in caller - Change logic bug 'c1 == c2' to 'c1 < c2' - Change 'c%d,c%d' to 'c%d.c%d' - it doesn't like labels with the form "c210,c502" only wanting "c210.c502" This does not make sense. c210,c502 is valid. c210.c502 means include
Daniel P. Berrange wrote: the range. c210, c211, c212...c502.
Hmm, I reverted this bit of the change & it works fine now - it was probably one of the other bugs (or outdated RPMs) that caused the original failure Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|