From f1589cb88dc71bb7bf20a4a3a14f79b36228fdd2 Mon Sep 17 00:00:00 2001
Message-Id: <f1589cb88dc71bb7bf20a4a3a14f79b36228fdd2@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 20 Jun 2019 17:45:02 +0200
Subject: [PATCH] docs: schemas: Add 'seclabel' for external disk snapshot

Allow using seclabels the same way as disk images allow it. Currently
the snapshot code copies the seclabels from the original image if no
seclabel is provided. Also there's no code change required as the
snapshot XML parser actually uses parts of the disk parser thus
seclabels are already parsed and formatted and even applied thus this is
just a formalization of our support for this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit ac88a8cfad1c93897ddbbfa1cc1aabcf0245255c)
https: //bugzilla.redhat.com/show_bug.cgi?id=1584682
Message-Id: <9a9636c4fb2cf2f6d08056ad13b6c7dc94611b90.1561045343.git.pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 docs/formatsnapshot.html.in                          | 12 ++++++++++++
 docs/schemas/domainsnapshot.rng                      |  6 ++++++
 .../{disk-seclabel-invalid.xml => disk-seclabel.xml} |  0
 3 files changed, 18 insertions(+)
 rename tests/domainsnapshotxml2xmlin/{disk-seclabel-invalid.xml => disk-seclabel.xml} (100%)

diff --git a/docs/formatsnapshot.html.in b/docs/formatsnapshot.html.in
index 23f20d7c33..bcd9e72983 100644
--- a/docs/formatsnapshot.html.in
+++ b/docs/formatsnapshot.html.in
@@ -173,6 +173,12 @@
               snapshots, the original file name becomes the read-only
               snapshot, and the new file name contains the read-write
               delta of all disk changes since the snapshot.
+              <p/>
+              The <code>source</code> element also may contain the
+              <code>seclabel</code> element (described in the
+              <a href="formatdomain.html#seclabel">domain XML documentation</a>)
+              which can be used to override the domain security labeling policy
+              for <code>source</code>.
               </dd>
               <dt><code>driver</code></dt>
               <dd>An optional sub-element <code>driver</code>,
@@ -180,6 +186,7 @@
               as qcow2), of the new file created by the external
               snapshot of the new file.
               </dd>
+              <dt><code>seclabel</code></dt>
             </dl>
 
             <span class="since">Since 1.2.2</span> the <code>disk</code> element
@@ -255,6 +262,11 @@
       &lt;source file='/path/to/new'/&gt;
     &lt;/disk&gt;
     &lt;disk name='vdb' snapshot='no'/&gt;
+    &lt;disk name='vdc'&gt;
+      &lt;source file='/path/to/newc'&gt;
+        &lt;seclabel model='dac' relabel='no'/&gt;
+      &lt;/source&gt;
+    &lt;/disk&gt;
   &lt;/disks&gt;
 &lt;/domainsnapshot&gt;</pre>
 
diff --git a/docs/schemas/domainsnapshot.rng b/docs/schemas/domainsnapshot.rng
index 2680887095..005a573928 100644
--- a/docs/schemas/domainsnapshot.rng
+++ b/docs/schemas/domainsnapshot.rng
@@ -158,6 +158,9 @@
                     <optional>
                       <ref name='storageStartupPolicy'/>
                     </optional>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>
@@ -174,6 +177,9 @@
                     <attribute name="dev">
                       <ref name="absFilePath"/>
                     </attribute>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>
diff --git a/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-seclabel.xml
similarity index 100%
rename from tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml
rename to tests/domainsnapshotxml2xmlin/disk-seclabel.xml
-- 
2.22.1