On 2011年12月23日 08:47, Eric Blake wrote:
A future patch will parse and output<seclabel> in more than one location in a<domain> xml; make it easier to reuse code.
* src/conf/domain_conf.c (virSecurityLabelDefFree): Rename... (virSecurityLabelDefClear): ...and make static. (virSecurityLabelDefParseXML): Alter signature. (virDomainDefParseXML, virDomainDefFree): Adjust callers. (virDomainDefFormatInternal): Split output... (virSecurityLabelDefFormat): ...into new helper. --- src/conf/domain_conf.c | 118 ++++++++++++++++++++++++++--------------------- 1 files changed, 65 insertions(+), 53 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 2897b4a..2379c81 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1326,14 +1326,13 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) VIR_FREE(def); }
-void virSecurityLabelDefFree(virDomainDefPtr def); - -void virSecurityLabelDefFree(virDomainDefPtr def) +static void +virSecurityLabelDefClear(virSecurityLabelDefPtr def) { - VIR_FREE(def->seclabel.model); - VIR_FREE(def->seclabel.label); - VIR_FREE(def->seclabel.imagelabel); - VIR_FREE(def->seclabel.baselabel); + VIR_FREE(def->model); + VIR_FREE(def->label); + VIR_FREE(def->imagelabel); + VIR_FREE(def->baselabel); }
static void @@ -1467,7 +1466,7 @@ void virDomainDefFree(virDomainDefPtr def)
virDomainMemballoonDefFree(def->memballoon);
- virSecurityLabelDefFree(def); + virSecurityLabelDefClear(&def->seclabel);
virCPUDefFree(def->cpu);
@@ -6212,7 +6211,7 @@ static int virDomainLifecycleParseXML(xmlXPathContextPtr ctxt, }
static int -virSecurityLabelDefParseXML(const virDomainDefPtr def, +virSecurityLabelDefParseXML(virSecurityLabelDefPtr def, xmlXPathContextPtr ctxt, unsigned int flags) { @@ -6228,9 +6227,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("missing security type")); goto error; } - def->seclabel.type = virDomainSeclabelTypeFromString(p); + def->type = virDomainSeclabelTypeFromString(p); VIR_FREE(p); - if (def->seclabel.type< 0) { + if (def->type< 0) { virDomainReportError(VIR_ERR_XML_ERROR, "%s", _("invalid security type")); goto error; @@ -6239,9 +6238,9 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p != NULL) { if (STREQ(p, "yes")) { - def->seclabel.norelabel = false; + def->norelabel = false; } else if (STREQ(p, "no")) { - def->seclabel.norelabel = true; + def->norelabel = true; } else { virDomainReportError(VIR_ERR_XML_ERROR, _("invalid security relabel value %s"), p); @@ -6249,23 +6248,23 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, goto error; } VIR_FREE(p); - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC&& - def->seclabel.norelabel) { + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC&& + def->norelabel) { virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("dynamic label type must use resource relabeling")); goto error; } } else { - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) - def->seclabel.norelabel = true; + if (def->type == VIR_DOMAIN_SECLABEL_STATIC) + def->norelabel = true; else - def->seclabel.norelabel = false; + def->norelabel = false; }
/* Only parse label, if using static labels, or * if the 'live' VM XML is requested */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || + if (def->type == VIR_DOMAIN_SECLABEL_STATIC || !(flags& VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/label[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); @@ -6275,11 +6274,11 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, goto error; }
- def->seclabel.label = p; + def->label = p; }
/* Only parse imagelabel, if requested live XML with relabeling */ - if (!def->seclabel.norelabel&& + if (!def->norelabel&& !(flags& VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/imagelabel[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); @@ -6288,22 +6287,22 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("security imagelabel is missing")); goto error; } - def->seclabel.imagelabel = p; + def->imagelabel = p; }
/* Only parse baselabel, for dynamic label */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { p = virXPathStringLimit("string(./seclabel/baselabel[1])", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p != NULL) - def->seclabel.baselabel = p; + def->baselabel = p; }
/* Only parse model, if static labelling, or a base * label is set, or doing active XML */ - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || - def->seclabel.baselabel || + if (def->type == VIR_DOMAIN_SECLABEL_STATIC || + def->baselabel || !(flags& VIR_DOMAIN_XML_INACTIVE)) { p = virXPathStringLimit("string(./seclabel/@model)", VIR_SECURITY_MODEL_BUFLEN-1, ctxt); @@ -6312,13 +6311,13 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def, "%s", _("missing security model")); goto error; } - def->seclabel.model = p; + def->model = p; }
return 0;
error: - virSecurityLabelDefFree(def); + virSecurityLabelDefClear(def); return -1; }
@@ -7939,7 +7938,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps, VIR_FREE(nodes);
/* analysis of security label */ - if (virSecurityLabelDefParseXML(def, ctxt, flags) == -1) + if (virSecurityLabelDefParseXML(&def->seclabel, ctxt, flags) == -1) goto error;
if ((node = virXPathNode("./cpu[1]", ctxt)) != NULL) { @@ -9739,6 +9738,40 @@ virDomainLifecycleDefFormat(virBufferPtr buf,
static int +virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def, + unsigned int flags) +{ + const char *sectype = virDomainSeclabelTypeToString(def->type); + int ret = -1; + + if (!sectype) + goto cleanup; + + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC&& + !def->baselabel&& + (flags& VIR_DOMAIN_XML_INACTIVE)) { + /* This is the default for inactive xml, so nothing to output. */ + } else { + virBufferAsprintf(buf, "<seclabel type='%s' model='%s' relabel='%s'>\n", + sectype, def->model, + def->norelabel ? "no" : "yes"); + virBufferEscapeString(buf, "<label>%s</label>\n", + def->label); + if (!def->norelabel) + virBufferEscapeString(buf, "<imagelabel>%s</imagelabel>\n", + def->imagelabel); + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) + virBufferEscapeString(buf, "<baselabel>%s</baselabel>\n", + def->baselabel); + virBufferAddLit(buf, "</seclabel>\n"); + } + ret = 0; +cleanup: + return ret; +} + + +static int virDomainLeaseDefFormat(virBufferPtr buf, virDomainLeaseDefPtr def) { @@ -11679,31 +11712,10 @@ virDomainDefFormatInternal(virDomainDefPtr def, virBufferAddLit(buf, "</devices>\n");
if (def->seclabel.model) { - const char *sectype = virDomainSeclabelTypeToString(def->seclabel.type); - if (!sectype) + virBufferAdjustIndent(buf, 2); + if (virSecurityLabelDefFormat(buf,&def->seclabel, flags)< 0) goto cleanup; - - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC&& - !def->seclabel.baselabel&& - (flags& VIR_DOMAIN_XML_INACTIVE)) { - /* This is the default for inactive xml, so nothing to output. */ - } else { - virBufferAsprintf(buf, "<seclabel type='%s' model='%s' " - "relabel='%s'>\n", - sectype, def->seclabel.model, - def->seclabel.norelabel ? "no" : "yes"); - virBufferEscapeString(buf, "<label>%s</label>\n", - def->seclabel.label); - if (!def->seclabel.norelabel) - virBufferEscapeString(buf, - "<imagelabel>%s</imagelabel>\n", - def->seclabel.imagelabel); - if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) - virBufferEscapeString(buf, - "<baselabel>%s</baselabel>\n", - def->seclabel.baselabel); - virBufferAddLit(buf, "</seclabel>\n"); - } + virBufferAdjustIndent(buf, -2); }
if (def->namespaceData&& def->ns.format) {
ACK.