authorMarcelo Cerri <mhcerri@linux.vnet.ibm.com>2012-08-15 19:10:36 -0300
committerMichal Privoznik <mprivozn@redhat.com>2012-08-20 19:13:33 +0200
commite9377dda367b847b5a15dac1403bcdf19f05438a (patch)
tree1ce227597dea52e33a0f945bd85521b2d63696e5 /docs
parentInternal refactory of data structures (diff)
Multiple security drivers in XML data
This patch updates the domain and capability XML parser and formatter to support more than one "seclabel" element for each domain and device. The RNG schema and the tests related to this are also updated by this patch. Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/formatdomain.html.in11
-rw-r--r--docs/schemas/capability.rng18
-rw-r--r--docs/schemas/domaincommon.rng30
3 files changed, 41 insertions, 18 deletions
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 2c5c45632..8e0748977 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1275,8 +1275,8 @@
path to the file holding the disk. If the disk
<code>type</code> is "block", then the <code>dev</code>
attribute specifies the path to the host device to serve as
- the disk. With both "file" and "block", an optional
- sub-element <code>seclabel</code>, <a href="#seclabel">described
+ the disk. With both "file" and "block", one or more optional
+ sub-elements <code>seclabel</code>, <a href="#seclabel">described
below</a> (and <span class="since">since 0.9.9</span>), can be
used to override the domain security labeling policy for just
that source file. If the disk <code>type</code> is "dir", then the
@@ -3920,6 +3920,13 @@ qemu-kvm -net nic,model=? /dev/null
</p>
<p>
+ If more than one security driver is used by libvirt, multiple
+ <code>seclabel</code> tags can be used, one for each driver and
+ the security driver referenced by each tag can be defined using
+ the attribute <code>model</code>
+ </p>
+
+ <p>
Valid input XML configurations for the top-level security label
are:
</p>
diff --git a/docs/schemas/capability.rng b/docs/schemas/capability.rng
index c392e4435..8c928bcf0 100644
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -44,20 +44,22 @@
<optional>
<ref name='topology'/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name='secmodel'/>
- </optional>
+ </zeroOrMore>
</element>
</define>
<define name='secmodel'>
<element name='secmodel'>
- <element name='model'>
- <text/>
- </element>
- <element name='doi'>
- <text/>
- </element>
+ <interleave>
+ <element name='model'>
+ <text/>
+ </element>
+ <element name='doi'>
+ <text/>
+ </element>
+ </interleave>
</element>
</define>
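Review bot: The `<zeroOrMore>` around `<ref name='secmodel'/>` lets the schema accept several `secmodel` entries that name the same `model`. RELAX NG has no way to express per-model uniqueness, so that constraint falls entirely to the parser, which is not visible in this docs-only view. The same applies to the `<zeroOrMore>` around `<ref name="seclabel"/>` in docs/schemas/domaincommon.rng (hunk at -55,9), where two labels for one driver, or several with no `model`, would leave it unclear which label is applied to the guest. A schema comment at both places would make the expectation explicit, for example `<!-- one entry per security model; duplicates must be rejected by the parser -->`.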
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 35e9f8256..401b76ba8 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -55,9 +55,9 @@
<optional>
<ref name="devices"/>
</optional>
- <optional>
+ <zeroOrMore>
<ref name="seclabel"/>
- </optional>
+ </zeroOrMore>
<optional>
<ref name='qemucmdline'/>
</optional>
@@ -148,18 +148,32 @@
<!-- A per-device seclabel override is more limited, either
relabel=no or a <label> must be present. -->
<choice>
- <attribute name='relabel'>
- <value>no</value>
- </attribute>
<group>
<optional>
+ <attribute name='model'>
+ <text/>
+ </attribute>
+ </optional>
+ <attribute name='relabel'>
+ <value>no</value>
+ </attribute>
+ </group>
+ <group>
+ <optional>
+ <attribute name='model'>
+ <text/>
+ </attribute>
+ </optional>
+ <optional>
<attribute name='relabel'>
<value>yes</value>
</attribute>
</optional>
- <element name='label'>
- <text/>
- </element>
+ <zeroOrMore>
+ <element name='label'>
+ <text/>
+ </element>
+ </zeroOrMore>
</group>
</choice>
</element>
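Review bot: The second `<group>` now validates a per-device `<seclabel>` that has neither `relabel` nor a `<label>` child, because the previously mandatory `<element name='label'>` is wrapped in `<zeroOrMore>`. That contradicts the comment at the top of this hunk ("either relabel=no or a <label> must be present"), and it also admits several `<label>` children inside one override. If an empty override is not intended, use `<oneOrMore>` or keep the single `<element name='label'>`; otherwise update the comment to match. Since `model` is optional in both groups, it would also help to document which driver an override without `model` applies to when more than one is active. The enclosing `<define>` and `<element>` open outside this hunk.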