|
 |
b5548f |
From db2aff6adaa405f0bc998c7bd3158fe43805ee60 Mon Sep 17 00:00:00 2001
|
|
|
b5548f |
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
|
b5548f |
Date: Thu, 20 Sep 2012 14:58:12 +0100
|
|
|
b5548f |
Subject: [PATCH 1/2] Make virSecurityDeviceLabelDefParseXML into generic
|
|
|
b5548f |
device <seclabel> parser.
|
|
|
b5548f |
|
|
|
b5548f |
This is just code motion, allowing us to reuse the same function to
|
|
|
b5548f |
parse the <seclabel> from character devices too.
|
|
|
b5548f |
|
|
|
b5548f |
However it also fixes a possible segfault in the original code if
|
|
|
b5548f |
VIR_ALLOC_N returns an error and the cleanup code (at the error:
|
|
|
b5548f |
label) tries to iterate over the unallocated array (thanks Michal
|
|
|
b5548f |
Privoznik for spotting this).
|
|
|
b5548f |
|
|
|
b5548f |
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
b5548f |
---
|
|
|
b5548f |
src/conf/domain_conf.c | 43 +++++++++++++++++++++++++------------------
|
|
|
b5548f |
1 file changed, 25 insertions(+), 18 deletions(-)
|
|
|
b5548f |
|
|
|
b5548f |
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
|
|
b5548f |
index 947cc7a..26c2042 100644
|
|
|
b5548f |
--- a/src/conf/domain_conf.c
|
|
|
b5548f |
+++ b/src/conf/domain_conf.c
|
|
|
b5548f |
@@ -3258,29 +3258,30 @@ error:
|
|
|
b5548f |
return -1;
|
|
|
b5548f |
}
|
|
|
b5548f |
|
|
|
b5548f |
+/* Parse the <seclabel> from a disk or character device. */
|
|
|
b5548f |
static int
|
|
|
b5548f |
-virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
|
|
|
b5548f |
+virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn,
|
|
|
b5548f |
+ size_t *nseclabels_rtn,
|
|
|
b5548f |
virSecurityLabelDefPtr *vmSeclabels,
|
|
|
b5548f |
int nvmSeclabels, xmlXPathContextPtr ctxt)
|
|
|
b5548f |
{
|
|
|
b5548f |
+ virSecurityDeviceLabelDefPtr *seclabels;
|
|
|
b5548f |
+ size_t nseclabels = 0;
|
|
|
b5548f |
int n, i, j;
|
|
|
b5548f |
xmlNodePtr *list = NULL;
|
|
|
b5548f |
virSecurityLabelDefPtr vmDef = NULL;
|
|
|
b5548f |
char *model, *relabel, *label;
|
|
|
b5548f |
|
|
|
b5548f |
- if (def == NULL)
|
|
|
b5548f |
- return 0;
|
|
|
b5548f |
-
|
|
|
b5548f |
if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0)
|
|
|
b5548f |
return 0;
|
|
|
b5548f |
|
|
|
b5548f |
- def->nseclabels = n;
|
|
|
b5548f |
- if (VIR_ALLOC_N(def->seclabels, n) < 0) {
|
|
|
b5548f |
+ if (VIR_ALLOC_N(seclabels, n) < 0) {
|
|
|
b5548f |
virReportOOMError();
|
|
|
b5548f |
goto error;
|
|
|
b5548f |
}
|
|
|
b5548f |
+ nseclabels = n;
|
|
|
b5548f |
for (i = 0; i < n; i++) {
|
|
|
b5548f |
- if (VIR_ALLOC(def->seclabels[i]) < 0) {
|
|
|
b5548f |
+ if (VIR_ALLOC(seclabels[i]) < 0) {
|
|
|
b5548f |
virReportOOMError();
|
|
|
b5548f |
goto error;
|
|
|
b5548f |
}
|
|
|
b5548f |
@@ -3297,7 +3298,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
|
|
|
b5548f |
break;
|
|
|
b5548f |
}
|
|
|
b5548f |
}
|
|
|
b5548f |
- def->seclabels[i]->model = model;
|
|
|
b5548f |
+ seclabels[i]->model = model;
|
|
|
b5548f |
}
|
|
|
b5548f |
|
|
|
b5548f |
/* Can't use overrides if top-level doesn't allow relabeling. */
|
|
|
b5548f |
@@ -3311,9 +3312,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
|
|
|
b5548f |
relabel = virXMLPropString(list[i], "relabel");
|
|
|
b5548f |
if (relabel != NULL) {
|
|
|
b5548f |
if (STREQ(relabel, "yes")) {
|
|
|
b5548f |
- def->seclabels[i]->norelabel = false;
|
|
|
b5548f |
+ seclabels[i]->norelabel = false;
|
|
|
b5548f |
} else if (STREQ(relabel, "no")) {
|
|
|
b5548f |
- def->seclabels[i]->norelabel = true;
|
|
|
b5548f |
+ seclabels[i]->norelabel = true;
|
|
|
b5548f |
} else {
|
|
|
b5548f |
virReportError(VIR_ERR_XML_ERROR,
|
|
|
b5548f |
_("invalid security relabel value %s"),
|
|
|
b5548f |
@@ -3323,30 +3324,34 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
|
|
|
b5548f |
}
|
|
|
b5548f |
VIR_FREE(relabel);
|
|
|
b5548f |
} else {
|
|
|
b5548f |
- def->seclabels[i]->norelabel = false;
|
|
|
b5548f |
+ seclabels[i]->norelabel = false;
|
|
|
b5548f |
}
|
|
|
b5548f |
|
|
|
b5548f |
ctxt->node = list[i];
|
|
|
b5548f |
label = virXPathStringLimit("string(./label)",
|
|
|
b5548f |
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
|
|
|
b5548f |
- def->seclabels[i]->label = label;
|
|
|
b5548f |
+ seclabels[i]->label = label;
|
|
|
b5548f |
|
|
|
b5548f |
- if (label && def->seclabels[i]->norelabel) {
|
|
|
b5548f |
+ if (label && seclabels[i]->norelabel) {
|
|
|
b5548f |
virReportError(VIR_ERR_XML_ERROR,
|
|
|
b5548f |
_("Cannot specify a label if relabelling is "
|
|
|
b5548f |
"turned off. model=%s"),
|
|
|
b5548f |
- NULLSTR(def->seclabels[i]->model));
|
|
|
b5548f |
+ NULLSTR(seclabels[i]->model));
|
|
|
b5548f |
goto error;
|
|
|
b5548f |
}
|
|
|
b5548f |
}
|
|
|
b5548f |
VIR_FREE(list);
|
|
|
b5548f |
+
|
|
|
b5548f |
+ *nseclabels_rtn = nseclabels;
|
|
|
b5548f |
+ *seclabels_rtn = seclabels;
|
|
|
b5548f |
+
|
|
|
b5548f |
return 0;
|
|
|
b5548f |
|
|
|
b5548f |
error:
|
|
|
b5548f |
- for (i = 0; i < n; i++) {
|
|
|
b5548f |
- virSecurityDeviceLabelDefFree(def->seclabels[i]);
|
|
|
b5548f |
+ for (i = 0; i < nseclabels; i++) {
|
|
|
b5548f |
+ virSecurityDeviceLabelDefFree(seclabels[i]);
|
|
|
b5548f |
}
|
|
|
b5548f |
- VIR_FREE(def->seclabels);
|
|
|
b5548f |
+ VIR_FREE(seclabels);
|
|
|
b5548f |
VIR_FREE(list);
|
|
|
b5548f |
return -1;
|
|
|
b5548f |
}
|
|
|
b5548f |
@@ -3839,7 +3844,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
|
|
|
b5548f |
if (sourceNode) {
|
|
|
b5548f |
xmlNodePtr saved_node = ctxt->node;
|
|
|
b5548f |
ctxt->node = sourceNode;
|
|
|
b5548f |
- if (virSecurityDeviceLabelDefParseXML(def, vmSeclabels,
|
|
|
b5548f |
+ if (virSecurityDeviceLabelDefParseXML(&def->seclabels,
|
|
|
b5548f |
+ &def->nseclabels,
|
|
|
b5548f |
+ vmSeclabels,
|
|
|
b5548f |
nvmSeclabels,
|
|
|
b5548f |
ctxt) < 0)
|
|
|
b5548f |
goto error;
|
|
|
b5548f |
--
|
|
|
b5548f |
1.7.11.4
|
|
|
b5548f |
|