On 07/10/2014 10:04 AM, Michal Privoznik wrote:
diff to v1: - rework the 3rd patch - introduce one more bugfix
Michal Privoznik (4): virSecurityLabelDef: substitute 'norelabel' with 'relabel' virSecurityDeviceLabelDef: substitute 'norelabel' with 'relabel' conf: Always format seclabel's model conf: Don't allow multiple seclabels for same model
src/conf/domain_conf.c | 67 ++++++++++++---------- src/security/security_apparmor.c | 10 ++-- src/security/security_dac.c | 22 +++---- src/security/security_manager.c | 2 +- src/security/security_selinux.c | 32 +++++------ src/util/virseclabel.c | 2 +- src/util/virseclabel.h | 4 +- .../qemuxml2argv-seclabel-dynamic-none.xml | 28 +++++++++ .../qemuxml2argv-seclabel-multiple.xml | 40 +++++++++++++ tests/qemuxml2argvtest.c | 1 + tests/qemuxml2xmltest.c | 1 + 11 files changed, 142 insertions(+), 67 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-multiple.xml
There's a Coverity issue from these patches - it looks like perhaps patch 1&2 were combined when submitted into commit id '13adf1b' which has: virSecurityLabelDefPtr virSecurityLabelDefNew(const char *model) { virSecurityLabelDefPtr seclabel = NULL; if (VIR_ALLOC(seclabel) < 0 || VIR_STRDUP(seclabel->model, model) < 0) { virSecurityLabelDefFree(seclabel); seclabel = NULL; } + seclabel->relabel = true; + return seclabel; } See the problem at all? It's a FORWARD_NULL on 'seclabel'. John