From f1589cb88dc71bb7bf20a4a3a14f79b36228fdd2 Mon Sep 17 00:00:00 2001

Message-Id: <f1589cb88dc71bb7bf20a4a3a14f79b36228fdd2@dist-git>

From: Peter Krempa <pkrempa@redhat.com>

Date: Thu, 20 Jun 2019 17:45:02 +0200

Subject: [PATCH] docs: schemas: Add 'seclabel' for external disk snapshot

Allow using seclabels the same way as disk images allow it. Currently

the snapshot code copies the seclabels from the original image if no

seclabel is provided. Also there's no code change required as the

snapshot XML parser actually uses parts of the disk parser thus

seclabels are already parsed and formatted and even applied thus this is

just a formalization of our support for this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

(cherry picked from commit ac88a8cfad1c93897ddbbfa1cc1aabcf0245255c)

https: //bugzilla.redhat.com/show_bug.cgi?id=1584682

Message-Id: <9a9636c4fb2cf2f6d08056ad13b6c7dc94611b90.1561045343.git.pkrempa@redhat.com>

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

---

 docs/formatsnapshot.html.in                          | 12 ++++++++++++

 docs/schemas/domainsnapshot.rng                      |  6 ++++++

 .../{disk-seclabel-invalid.xml => disk-seclabel.xml} |  0

 3 files changed, 18 insertions(+)

 rename tests/domainsnapshotxml2xmlin/{disk-seclabel-invalid.xml => disk-seclabel.xml} (100%)

diff --git a/docs/formatsnapshot.html.in b/docs/formatsnapshot.html.in

index 23f20d7c33..bcd9e72983 100644

--- a/docs/formatsnapshot.html.in

+++ b/docs/formatsnapshot.html.in

@@ -173,6 +173,12 @@

               snapshots, the original file name becomes the read-only

               snapshot, and the new file name contains the read-write

               delta of all disk changes since the snapshot.

+              

+              The source element also may contain the

+              seclabel element (described in the

+              domain XML documentation)

+              which can be used to override the domain security labeling policy

+              for source.

               
driver

               
An optional sub-element driver,

@@ -180,6 +186,7 @@

               as qcow2), of the new file created by the external

               snapshot of the new file.

+              
seclabel

             Since 1.2.2 the disk element

@@ -255,6 +262,11 @@

       <source file='/path/to/new'/>

     </disk>

     <disk name='vdb' snapshot='no'/>

+    <disk name='vdc'>

+      <source file='/path/to/newc'>

+        <seclabel model='dac' relabel='no'/>

+      </source>

+    </disk>

   </disks>

 </domainsnapshot>

diff --git a/docs/schemas/domainsnapshot.rng b/docs/schemas/domainsnapshot.rng

index 2680887095..005a573928 100644

--- a/docs/schemas/domainsnapshot.rng

+++ b/docs/schemas/domainsnapshot.rng

@@ -158,6 +158,9 @@

                     <optional>

                       <ref name='storageStartupPolicy'/>

                     </optional>

+                    <zeroOrMore>

+                      <ref name='devSeclabel'/>

+                    </zeroOrMore>

                     <empty/>

                   </element>

                 </optional>

@@ -174,6 +177,9 @@

                     <attribute name="dev">

                       <ref name="absFilePath"/>

                     </attribute>

+                    <zeroOrMore>

+                      <ref name='devSeclabel'/>

+                    </zeroOrMore>

                     <empty/>

                   </element>

                 </optional>

diff --git a/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-seclabel.xml

similarity index 100%

rename from tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml

rename to tests/domainsnapshotxml2xmlin/disk-seclabel.xml

-- 

2.22.1