[libvirt] [PATCH 2/2] conf: Don't always require security/@model

Only parse model, if static labelling, or a base label is set, or doing active XML. --- src/conf/domain_conf.c | 39 ++++++++++++++++++++++++--------------- 1 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 419088c..0f7bf78 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3121,14 +3121,22 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, def->baselabel = p; } - /* Always parse model */ - p = virXPathStringLimit("string(./@model)", - VIR_SECURITY_MODEL_BUFLEN-1, ctxt); - if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) { - virReportError(VIR_ERR_XML_ERROR, - "%s", _("missing security model")); + /* Only parse model, if static labelling, or a base + * label is set, or doing active XML + */ + if (def->type == VIR_DOMAIN_SECLABEL_STATIC || + def->baselabel || + (!(flags & VIR_DOMAIN_XML_INACTIVE) && + def->type != VIR_DOMAIN_SECLABEL_NONE)) { + + p = virXPathStringLimit("string(./@model)", + VIR_SECURITY_MODEL_BUFLEN-1, ctxt); + if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) { + virReportError(VIR_ERR_XML_ERROR, + "%s", _("missing security model")); + } + def->model = p; } - def->model = p; return def; @@ -3225,11 +3233,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, for (i = 0; i < n; i++) { /* get model associated to this override */ model = virXMLPropString(list[i], "model"); - if (model == NULL) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("invalid security model")); - goto error; - } else { + if (model) { /* find the security label that it's being overriden */ for (j = 0; j < nvmSeclabels; j++) { if (STREQ(vmSeclabels[j]->model, model)) { @@ -3275,7 +3279,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, virReportError(VIR_ERR_XML_ERROR, _("Cannot specify a label if relabelling is " "turned off. model=%s"), - def->seclabels[i]->model); + NULLSTR(def->seclabels[i]->model)); goto error; } } @@ -11271,8 +11275,13 @@ static void virSecurityDeviceLabelDefFormat(virBufferPtr buf, virSecurityDeviceLabelDefPtr def) { - virBufferAsprintf(buf, "<seclabel model='%s' relabel='%s'", - def->model, def->norelabel ? "no" : "yes"); + virBufferAsprintf(buf, "<seclabel"); + + if (def->model) + virBufferAsprintf(buf, " model='%s'", def->model); + + virBufferAsprintf(buf, " relabel='%s'", def->norelabel ? "no" : "yes"); + if (def->label) { virBufferAddLit(buf, ">\n"); virBufferEscapeString(buf, " <label>%s</label>\n", -- 1.7.8.6