diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c
index 8b9b516539..9a0bc3da55 100644
--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -181,8 +181,13 @@ virCapabilitiesFree(virCapsPtr caps) {
VIR_FREE(caps->host.migrateTrans);
VIR_FREE(caps->host.arch);
- VIR_FREE(caps->host.secModel.model);
- VIR_FREE(caps->host.secModel.doi);
+
+ for (i = 0; i < caps->host.nsecModels; i++) {
+ VIR_FREE(caps->host.secModels[i].model);
+ VIR_FREE(caps->host.secModels[i].doi);
+ }
+ VIR_FREE(caps->host.secModels);
+
virCPUDefFree(caps->host.cpu);
VIR_FREE(caps);
@@ -767,10 +772,12 @@ virCapabilitiesFormatXML(virCapsPtr caps)
virBufferAddLit(&xml, " </topology>\n");
}
- if (caps->host.secModel.model) {
+ if (caps->host.nsecModels) {
virBufferAddLit(&xml, " <secmodel>\n");
- virBufferAsprintf(&xml, " <model>%s</model>\n", caps->host.secModel.model);
- virBufferAsprintf(&xml, " <doi>%s</doi>\n", caps->host.secModel.doi);
+ virBufferAsprintf(&xml, " <model>%s</model>\n",
+ caps->host.secModels[0].model);
+ virBufferAsprintf(&xml, " <doi>%s</doi>\n",
+ caps->host.secModels[0].doi);
virBufferAddLit(&xml, " </secmodel>\n");
}
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
index 460b273e3d..e43f4041cb 100644
--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -93,6 +93,7 @@ struct _virCapsHostNUMACell {
};
typedef struct _virCapsHostSecModel virCapsHostSecModel;
+typedef virCapsHostSecModel *virCapsHostSecModelPtr;
struct _virCapsHostSecModel {
char *model;
char *doi;
@@ -116,7 +117,10 @@ struct _virCapsHost {
size_t nnumaCell;
size_t nnumaCell_max;
virCapsHostNUMACellPtr *numaCell;
- virCapsHostSecModel secModel;
+
+ size_t nsecModels;
+ virCapsHostSecModelPtr secModels;
+
virCPUDefPtr cpu;
unsigned char host_uuid[VIR_UUID_BUFLEN];
};
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 53003710b0..59db649a06 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -618,6 +618,7 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
const char *virt;
+ int i;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -630,11 +631,14 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
virt = "?";
}
- VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success,
- "virt=%s %s uuid=%s vm-ctx=%s img-ctx=%s",
- virt, vmname, uuidstr,
- VIR_AUDIT_STR(vm->def->seclabel.label),
- VIR_AUDIT_STR(vm->def->seclabel.imagelabel));
+ for (i = 0; i < vm->def->nseclabels; i++) {
+ VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success,
+ "virt=%s %s uuid=%s vm-ctx=%s img-ctx=%s model=%s",
+ virt, vmname, uuidstr,
+ VIR_AUDIT_STR(vm->def->seclabels[i]->label),
+ VIR_AUDIT_STR(vm->def->seclabels[i]->imagelabel),
+ VIR_AUDIT_STR(vm->def->seclabels[i]->model));
+ }
VIR_FREE(vmname);
}
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 851284aa2e..4234416c0d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -865,12 +865,15 @@ virDomainGraphicsListenDefClear(virDomainGraphicsListenDefPtr def)
}
static void
-virSecurityLabelDefClear(virSecurityLabelDefPtr def)
+virSecurityLabelDefFree(virSecurityLabelDefPtr def)
{
+ if (!def)
+ return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def->imagelabel);
VIR_FREE(def->baselabel);
+ VIR_FREE(def);
}
@@ -879,6 +882,7 @@ virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
{
if (!def)
return;
+ VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def);
}
@@ -964,7 +968,11 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
virStorageEncryptionFree(def->encryption);
virDomainDeviceInfoClear(&def->info);
- virSecurityDeviceLabelDefFree(def->seclabel);
+ if (def->seclabels) {
+ for (i = 0; i < def->nseclabels; i++)
+ virSecurityDeviceLabelDefFree(def->seclabels[i]);
+ VIR_FREE(def->seclabels);
+ }
for (i = 0 ; i < def->nhosts ; i++)
virDomainDiskHostDefFree(&def->hosts[i]);
@@ -1626,7 +1634,9 @@ void virDomainDefFree(virDomainDefPtr def)
virDomainMemballoonDefFree(def->memballoon);
- virSecurityLabelDefClear(&def->seclabel);
+ for (i = 0; i < def->nseclabels; i++)
+ virSecurityLabelDefFree(def->seclabels[i]);
+ VIR_FREE(def->seclabels);
virCPUDefFree(def->cpu);
@@ -2982,10 +2992,10 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
{
char *p;
- if (virXPathNode("./seclabel", ctxt) == NULL)
+ if (virXPathNode("./seclabel[1]", ctxt) == NULL)
return 0;
- p = virXPathStringLimit("string(./seclabel/@type)",
+ p = virXPathStringLimit("string(./seclabel[1]/@type)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) {
def->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
@@ -2999,7 +3009,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
}
}
- p = virXPathStringLimit("string(./seclabel/@relabel)",
+ p = virXPathStringLimit("string(./seclabel[1]/@relabel)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) {
if (STREQ(p, "yes")) {
@@ -3039,7 +3049,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
(!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) {
- p = virXPathStringLimit("string(./seclabel/label[1])",
+ p = virXPathStringLimit("string(./seclabel[1]/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) {
virReportError(VIR_ERR_XML_ERROR,
@@ -3054,7 +3064,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
if (!def->norelabel &&
(!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) {
- p = virXPathStringLimit("string(./seclabel/imagelabel[1])",
+ p = virXPathStringLimit("string(./seclabel[1]/imagelabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL) {
virReportError(VIR_ERR_XML_ERROR,
@@ -3066,7 +3076,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
/* Only parse baselabel for dynamic label type */
if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
- p = virXPathStringLimit("string(./seclabel/baselabel[1])",
+ p = virXPathStringLimit("string(./seclabel[1]/baselabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
def->baselabel = p;
}
@@ -3078,7 +3088,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
def->baselabel ||
(!(flags & VIR_DOMAIN_XML_INACTIVE) &&
def->type != VIR_DOMAIN_SECLABEL_NONE)) {
- p = virXPathStringLimit("string(./seclabel/@model)",
+ p = virXPathStringLimit("string(./seclabel[1]/@model)",
VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
if (p == NULL) {
virReportError(VIR_ERR_XML_ERROR,
@@ -3091,7 +3101,7 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,
return 0;
error:
- virSecurityLabelDefClear(def);
+ virSecurityLabelDefFree(def);
return -1;
}
@@ -3105,7 +3115,7 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr *def,
*def = NULL;
- if (virXPathNode("./seclabel", ctxt) == NULL)
+ if (virXPathNode("./seclabel[1]", ctxt) == NULL)
return 0;
/* Can't use overrides if top-level doesn't allow relabeling. */
@@ -3121,7 +3131,7 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr *def,
return -1;
}
- p = virXPathStringLimit("string(./seclabel/@relabel)",
+ p = virXPathStringLimit("string(./seclabel[1]/@relabel)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p != NULL) {
if (STREQ(p, "yes")) {
@@ -3140,7 +3150,7 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr *def,
(*def)->norelabel = false;
}
- p = virXPathStringLimit("string(./seclabel/label[1])",
+ p = virXPathStringLimit("string(./seclabel[1]/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
(*def)->label = p;
@@ -3574,10 +3584,15 @@ virDomainDiskDefParseXML(virCapsPtr caps,
if (sourceNode) {
xmlNodePtr saved_node = ctxt->node;
ctxt->node = sourceNode;
- if (virSecurityDeviceLabelDefParseXML(&def->seclabel,
+ if ((VIR_ALLOC(def->seclabels) < 0)) {
+ virReportOOMError();
+ goto error;
+ }
+ if (virSecurityDeviceLabelDefParseXML(&def->seclabels[0],
vmSeclabel,
ctxt) < 0)
goto error;
+ def->nseclabels = 1;
ctxt->node = saved_node;
}
@@ -7030,7 +7045,7 @@ static int virDomainLifecycleParseXML(xmlXPathContextPtr ctxt,
}
virDomainDeviceDefPtr virDomainDeviceDefParse(virCapsPtr caps,
- const virDomainDefPtr def,
+ virDomainDefPtr def,
const char *xmlStr,
unsigned int flags)
{
@@ -7049,10 +7064,19 @@ virDomainDeviceDefPtr virDomainDeviceDefParse(virCapsPtr caps,
goto error;
}
+ if (!def->seclabels) {
+ if ((VIR_ALLOC(def->seclabels) < 0) ||
+ (VIR_ALLOC(def->seclabels[0])) < 0 ) {
+ virReportOOMError();
+ goto error;
+ }
+ }
+
if (xmlStrEqual(node->name, BAD_CAST "disk")) {
dev->type = VIR_DOMAIN_DEVICE_DISK;
if (!(dev->data.disk = virDomainDiskDefParseXML(caps, node, ctxt,
- NULL, &def->seclabel, flags)))
+ NULL, def->seclabels[0],
+ flags)))
goto error;
} else if (xmlStrEqual(node->name, BAD_CAST "lease")) {
dev->type = VIR_DOMAIN_DEVICE_LEASE;
@@ -7990,7 +8014,13 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
/* analysis of security label, done early even though we format it
* late, so devices can refer to this for defaults */
- if (virSecurityLabelDefParseXML(&def->seclabel, ctxt, flags) == -1)
+ if ((VIR_ALLOC(def->seclabels) < 0) ||
+ (VIR_ALLOC(def->seclabels[0]) < 0)) {
+ virReportOOMError();
+ goto error;
+ }
+ def->nseclabels = 1;
+ if (virSecurityLabelDefParseXML(def->seclabels[0], ctxt, flags) == -1)
goto error;
/* Extract domain memory */
@@ -8590,7 +8620,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
nodes[i],
ctxt,
bootMap,
- &def->seclabel,
+ def->seclabels[0],
flags);
if (!disk)
goto error;
@@ -11118,10 +11148,10 @@ virDomainDiskDefFormat(virBufferPtr buf,
if (def->startupPolicy)
virBufferEscapeString(buf, " startupPolicy='%s'",
startupPolicy);
- if (def->seclabel) {
+ if (def->seclabels && def->seclabels[0]) {
virBufferAddLit(buf, ">\n");
virBufferAdjustIndent(buf, 8);
- virSecurityDeviceLabelDefFormat(buf, def->seclabel);
+ virSecurityDeviceLabelDefFormat(buf, def->seclabels[0]);
virBufferAdjustIndent(buf, -8);
virBufferAddLit(buf, " </source>\n");
} else {
@@ -11131,10 +11161,10 @@ virDomainDiskDefFormat(virBufferPtr buf,
case VIR_DOMAIN_DISK_TYPE_BLOCK:
virBufferEscapeString(buf, " <source dev='%s'",
def->src);
- if (def->seclabel) {
+ if (def->seclabels && def->seclabels[0]) {
virBufferAddLit(buf, ">\n");
virBufferAdjustIndent(buf, 8);
- virSecurityDeviceLabelDefFormat(buf, def->seclabel);
+ virSecurityDeviceLabelDefFormat(buf, def->seclabels[0]);
virBufferAdjustIndent(buf, -8);
virBufferAddLit(buf, " </source>\n");
} else {
@@ -13128,9 +13158,11 @@ virDomainDefFormatInternal(virDomainDefPtr def,
virBufferAddLit(buf, " </devices>\n");
- virBufferAdjustIndent(buf, 2);
- virSecurityLabelDefFormat(buf, &def->seclabel);
- virBufferAdjustIndent(buf, -2);
+ if (def->nseclabels && def->seclabels) {
+ virBufferAdjustIndent(buf, 2);
+ virSecurityLabelDefFormat(buf, def->seclabels[0]);
+ virBufferAdjustIndent(buf, -2);
+ }
if (def->namespaceData && def->ns.format) {
if ((def->ns.format)(buf, def->namespaceData) < 0)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index fd0e89e14f..05a8bee7d0 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -296,6 +296,7 @@ struct _virSecurityLabelDef {
typedef struct _virSecurityDeviceLabelDef virSecurityDeviceLabelDef;
typedef virSecurityDeviceLabelDef *virSecurityDeviceLabelDefPtr;
struct _virSecurityDeviceLabelDef {
+ char *model;
char *label; /* image label string */
bool norelabel;
};
@@ -540,7 +541,6 @@ struct _virDomainDiskDef {
int device;
int bus;
char *src;
- virSecurityDeviceLabelDefPtr seclabel;
char *dst;
int tray_status;
int protocol;
@@ -580,6 +580,9 @@ struct _virDomainDiskDef {
virStorageEncryptionPtr encryption;
bool rawio_specified;
int rawio; /* no = 0, yes = 1 */
+
+ size_t nseclabels;
+ virSecurityDeviceLabelDefPtr *seclabels;
};
@@ -1658,8 +1661,10 @@ struct _virDomainDef {
int nhubs;
virDomainHubDefPtr *hubs;
+ size_t nseclabels;
+ virSecurityLabelDefPtr *seclabels;
+
/* Only 1 */
- virSecurityLabelDef seclabel;
virDomainWatchdogDefPtr watchdog;
virDomainMemballoonDefPtr memballoon;
virCPUDefPtr cpu;
@@ -1925,7 +1930,7 @@ void virDomainRemoveInactive(virDomainObjListPtr doms,
virDomainObjPtr dom);
virDomainDeviceDefPtr virDomainDeviceDefParse(virCapsPtr caps,
- const virDomainDefPtr def,
+ virDomainDefPtr def,
const char *xmlStr,
unsigned int flags);
virDomainDefPtr virDomainDefParseString(virCapsPtr caps,
diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
index a508f212b8..03340cf999 100644
--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -134,9 +134,13 @@ virCapsPtr lxcCapsInit(virLXCDriverPtr driver)
doi = virSecurityManagerGetDOI(driver->securityManager);
model = virSecurityManagerGetModel(driver->securityManager);
if (STRNEQ(model, "none")) {
- if (!(caps->host.secModel.model = strdup(model)))
+ /* Allocate just the primary security driver for LXC. */
+ if (VIR_ALLOC(caps->host.secModels) < 0)
goto no_memory;
- if (!(caps->host.secModel.doi = strdup(doi)))
+ caps->host.nsecModels = 1;
+ if (!(caps->host.secModels[0].model = strdup(model)))
+ goto no_memory;
+ if (!(caps->host.secModels[0].doi = strdup(doi)))
goto no_memory;
}
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 4c3c17fe2c..e5aea11711 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1602,10 +1602,10 @@ int main(int argc, char *argv[])
goto cleanup;
VIR_DEBUG("Security model %s type %s label %s imagelabel %s",
- NULLSTR(ctrl->def->seclabel.model),
- virDomainSeclabelTypeToString(ctrl->def->seclabel.type),
- NULLSTR(ctrl->def->seclabel.label),
- NULLSTR(ctrl->def->seclabel.imagelabel));
+ NULLSTR(ctrl->def->seclabels[0]->model),
+ virDomainSeclabelTypeToString(ctrl->def->seclabels[0]->type),
+ NULLSTR(ctrl->def->seclabels[0]->label),
+ NULLSTR(ctrl->def->seclabels[0]->imagelabel));
ctrl->veths = veths;
ctrl->nveths = nveths;
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 2b5707ec7f..ff11c2c091 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -964,7 +964,6 @@ cleanup:
return ret;
}
-
/**
* lxcDomainStartWithFlags:
* @dom: domain to start
@@ -1182,12 +1181,12 @@ static int lxcNodeGetSecurityModel(virConnectPtr conn,
lxcDriverLock(driver);
memset(secmodel, 0, sizeof(*secmodel));
- /* NULL indicates no driver, which we treat as
- * success, but simply return no data in *secmodel */
- if (driver->caps->host.secModel.model == NULL)
+ /* we treat no driver as success, but simply return no data in *secmodel */
+ if (driver->caps->host.nsecModels == 0
+ || driver->caps->host.secModels[0].model == NULL)
goto cleanup;
- if (!virStrcpy(secmodel->model, driver->caps->host.secModel.model,
+ if (!virStrcpy(secmodel->model, driver->caps->host.secModels[0].model,
VIR_SECURITY_MODEL_BUFLEN)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security model string exceeds max %d bytes"),
@@ -1196,7 +1195,7 @@ static int lxcNodeGetSecurityModel(virConnectPtr conn,
goto cleanup;
}
- if (!virStrcpy(secmodel->doi, driver->caps->host.secModel.doi,
+ if (!virStrcpy(secmodel->doi, driver->caps->host.secModels[0].doi,
VIR_SECURITY_DOI_BUFLEN)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security DOI string exceeds max %d bytes"),
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index dc34bef972..cdbf14b195 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -706,10 +706,11 @@ int virLXCProcessStop(virLXCDriverPtr driver,
vm->def, false);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
- VIR_FREE(vm->def->seclabel.model);
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
+ if (vm->def->nseclabels &&
+ vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+ VIR_FREE(vm->def->seclabels[0]->model);
+ VIR_FREE(vm->def->seclabels[0]->label);
+ VIR_FREE(vm->def->seclabels[0]->imagelabel);
}
if (virCgroupForDomain(driver->cgroup, vm->def->name, &group, 0) == 0) {
@@ -1001,8 +1002,9 @@ int virLXCProcessStart(virConnectPtr conn,
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DEFAULT)
- vm->def->seclabel.type = VIR_DOMAIN_SECLABEL_NONE;
+ if (vm->def->nseclabels &&
+ vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
+ vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
virDomainAuditSecurityLabel(vm, false);
@@ -1207,10 +1209,11 @@ cleanup:
vm->def, false);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
- VIR_FREE(vm->def->seclabel.model);
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
+ if (vm->def->nseclabels &&
+ vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+ VIR_FREE(vm->def->seclabels[0]->model);
+ VIR_FREE(vm->def->seclabels[0]->label);
+ VIR_FREE(vm->def->seclabels[0]->imagelabel);
}
}
for (i = 0 ; i < nttyFDs ; i++)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index bd97008a35..6a43bb9d95 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -321,10 +321,15 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
doi = virSecurityManagerGetDOI(driver->securityManager);
model = virSecurityManagerGetModel(driver->securityManager);
+
+ if (VIR_ALLOC(caps->host.secModels) < 0) {
+ goto no_memory;
+ }
+
if (STRNEQ(model, "none")) {
- if (!(caps->host.secModel.model = strdup(model)))
+ if (!(caps->host.secModels[0].model = strdup(model)))
goto no_memory;
- if (!(caps->host.secModel.doi = strdup(doi)))
+ if (!(caps->host.secModels[0].doi = strdup(doi)))
goto no_memory;
}
@@ -4060,10 +4065,10 @@ static int qemudNodeGetSecurityModel(virConnectPtr conn,
/* NULL indicates no driver, which we treat as
* success, but simply return no data in *secmodel */
- if (driver->caps->host.secModel.model == NULL)
+ if (driver->caps->host.secModels[0].model == NULL)
goto cleanup;
- p = driver->caps->host.secModel.model;
+ p = driver->caps->host.secModels[0].model;
if (strlen(p) >= VIR_SECURITY_MODEL_BUFLEN-1) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security model string exceeds max %d bytes"),
@@ -4073,7 +4078,7 @@ static int qemudNodeGetSecurityModel(virConnectPtr conn,
}
strcpy(secmodel->model, p);
- p = driver->caps->host.secModel.doi;
+ p = driver->caps->host.secModels[0].doi;
if (strlen(p) >= VIR_SECURITY_DOI_BUFLEN-1) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security DOI string exceeds max %d bytes"),
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index df4a016040..553bf90652 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4079,12 +4079,12 @@ void qemuProcessStop(struct qemud_driver *driver,
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
- if (!vm->def->seclabel.baselabel)
- VIR_FREE(vm->def->seclabel.model);
- VIR_FREE(vm->def->seclabel.label);
+ if (vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
+ if (!vm->def->seclabels[0]->baselabel)
+ VIR_FREE(vm->def->seclabels[0]->model);
+ VIR_FREE(vm->def->seclabels[0]->label);
}
- VIR_FREE(vm->def->seclabel.imagelabel);
+ VIR_FREE(vm->def->seclabels[0]->imagelabel);
virDomainDefClearDeviceAliases(vm->def);
if (!priv->persistentAddrs) {
@@ -4227,16 +4227,16 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
goto no_memory;
VIR_DEBUG("Detect security driver config");
- vm->def->seclabel.type = VIR_DOMAIN_SECLABEL_STATIC;
+ vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_STATIC;
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (virSecurityManagerGetProcessLabel(driver->securityManager,
vm->def, vm->pid, seclabel) < 0)
goto cleanup;
- if (driver->caps->host.secModel.model &&
- !(vm->def->seclabel.model = strdup(driver->caps->host.secModel.model)))
+ if (driver->caps->host.secModels[0].model &&
+ !(vm->def->seclabels[0]->model = strdup(driver->caps->host.secModels[0].model)))
goto no_memory;
- if (!(vm->def->seclabel.label = strdup(seclabel->label)))
+ if (!(vm->def->seclabels[0]->label = strdup(seclabel->label)))
goto no_memory;
VIR_DEBUG("Creating domain log file");
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 44ab6fb2a7..6b372b55da 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -308,16 +308,16 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
{
- if (vm->seclabel.type == VIR_DOMAIN_SECLABEL_DEFAULT) {
+ if (vm->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT) {
if (mgr->defaultConfined) {
- vm->seclabel.type = VIR_DOMAIN_SECLABEL_DYNAMIC;
+ vm->seclabels[0]->type = VIR_DOMAIN_SECLABEL_DYNAMIC;
} else {
- vm->seclabel.type = VIR_DOMAIN_SECLABEL_NONE;
- vm->seclabel.norelabel = true;
+ vm->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
+ vm->seclabels[0]->norelabel = true;
}
}
- if ((vm->seclabel.type == VIR_DOMAIN_SECLABEL_NONE) &&
+ if ((vm->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE) &&
mgr->requireConfined) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Unconfined guests are not allowed on this host"));
@@ -399,7 +399,7 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
/* NULL model == dynamic labelling, with whatever driver
* is active, so we can short circuit verify check to
* avoid drivers de-referencing NULLs by accident
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cf69040ba9..645232bb9e 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -366,43 +366,43 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));
- if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
- !def->seclabel.baselabel &&
- def->seclabel.model) {
+ if ((def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
+ !def->seclabels[0]->baselabel &&
+ def->seclabels[0]->model) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security model already defined for VM"));
return rc;
}
- if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- def->seclabel.label) {
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ def->seclabels[0]->label) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM"));
return rc;
}
- if (def->seclabel.imagelabel) {
+ if (def->seclabels[0]->imagelabel) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security image label already defined for VM"));
return rc;
}
- if (def->seclabel.model &&
- STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) {
+ if (def->seclabels[0]->model &&
+ STRNEQ(def->seclabels[0]->model, SECURITY_SELINUX_NAME)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label model %s is not supported with selinux"),
- def->seclabel.model);
+ def->seclabels[0]->model);
return rc;
}
- VIR_DEBUG("type=%d", def->seclabel.type);
+ VIR_DEBUG("type%d", def->seclabels[0]->type);
- switch (def->seclabel.type) {
+ switch (def->seclabels[0]->type) {
case VIR_DOMAIN_SECLABEL_STATIC:
- if (!(ctx = context_new(def->seclabel.label)) ) {
+ if (!(ctx = context_new(def->seclabels[0]->label)) ) {
virReportSystemError(errno,
_("unable to allocate socket security context '%s'"),
- def->seclabel.label);
+ def->seclabels[0]->label);
return rc;
}
@@ -421,12 +421,15 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
goto cleanup;
- if (!(def->seclabel.label =
- virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
- def->seclabel.baselabel :
- data->domain_context,
- mcs, false)))
+ def->seclabels[0]->label =
+ virSecuritySELinuxGenNewContext(def->seclabels[0]->baselabel ?
+ def->seclabels[0]->baselabel :
+ data->domain_context, mcs, false);
+ if (! def->seclabels[0]->label) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot generate selinux context for %s"), mcs);
goto cleanup;
+ }
break;
case VIR_DOMAIN_SECLABEL_NONE:
@@ -436,18 +439,23 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected security label type '%s'"),
- virDomainSeclabelTypeToString(def->seclabel.type));
+ virDomainSeclabelTypeToString(def->seclabels[0]->type));
goto cleanup;
}
- if (!def->seclabel.norelabel) {
- if (!(def->seclabel.imagelabel =
- virSecuritySELinuxGenNewContext(data->file_context, mcs, true)))
+ if (!def->seclabels[0]->norelabel) {
+ def->seclabels[0]->imagelabel = virSecuritySELinuxGenNewContext(data->file_context,
+ mcs,
+ true);
+ if (!def->seclabels[0]->imagelabel) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot generate selinux context for %s"), mcs);
goto cleanup;
+ }
}
- if (!def->seclabel.model &&
- !(def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
+ if (!def->seclabels[0]->model &&
+ !(def->seclabels[0]->model = strdup(SECURITY_SELINUX_NAME))) {
virReportOOMError();
goto cleanup;
}
@@ -456,12 +464,12 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
cleanup:
if (rc != 0) {
- if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
- VIR_FREE(def->seclabel.label);
- VIR_FREE(def->seclabel.imagelabel);
- if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- !def->seclabel.baselabel)
- VIR_FREE(def->seclabel.model);
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC)
+ VIR_FREE(def->seclabels[0]->label);
+ VIR_FREE(def->seclabels[0]->imagelabel);
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabels[0]->baselabel)
+ VIR_FREE(def->seclabels[0]->model);
}
if (ctx)
@@ -470,16 +478,16 @@ cleanup:
VIR_FREE(mcs);
VIR_DEBUG("model=%s label=%s imagelabel=%s baselabel=%s",
- NULLSTR(def->seclabel.model),
- NULLSTR(def->seclabel.label),
- NULLSTR(def->seclabel.imagelabel),
- NULLSTR(def->seclabel.baselabel));
+ NULLSTR(def->seclabels[0]->model),
+ NULLSTR(def->seclabels[0]->label),
+ NULLSTR(def->seclabels[0]->imagelabel),
+ NULLSTR(def->seclabels[0]->baselabel));
return rc;
}
static int
-virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
pid_t pid)
{
@@ -488,7 +496,7 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSE
const char *mcs;
int rv;
- if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
if (getpidcon(pid, &pctx) == -1) {
@@ -792,9 +800,9 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBU
virDomainDiskDefPtr disk,
int migrated)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
- if (secdef->norelabel || (disk->seclabel && disk->seclabel->norelabel))
+ if (secdef->norelabel || (disk->seclabels[0] && disk->seclabels[0]->norelabel))
return 0;
/* Don't restore labels on readoly/shared disks, because
@@ -851,12 +859,12 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
int ret;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(cbdata->manager);
- if (disk->seclabel && disk->seclabel->norelabel)
+ if (disk->seclabels[0] && disk->seclabels[0]->norelabel)
return 0;
- if (disk->seclabel && !disk->seclabel->norelabel &&
- disk->seclabel->label) {
- ret = virSecuritySELinuxSetFilecon(path, disk->seclabel->label);
+ if (disk->seclabels[0] && !disk->seclabels[0]->norelabel &&
+ disk->seclabels[0]->label) {
+ ret = virSecuritySELinuxSetFilecon(path, disk->seclabels[0]->label);
} else if (depth == 0) {
if (disk->shared) {
@@ -871,14 +879,14 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
} else {
ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
}
- if (ret == 1 && !disk->seclabel) {
+ if (ret == 1 && !disk->seclabels[0]) {
/* If we failed to set a label, but virt_use_nfs let us
* proceed anyway, then we don't need to relabel later. */
- if (VIR_ALLOC(disk->seclabel) < 0) {
+ if (VIR_ALLOC(disk->seclabels[0]) < 0) {
virReportOOMError();
return -1;
}
- disk->seclabel->norelabel = true;
+ disk->seclabels[0]->norelabel = true;
ret = 0;
}
return ret;
@@ -891,7 +899,7 @@ virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
{
virSecuritySELinuxCallbackData cbdata;
- cbdata.secdef = &def->seclabel;
+ cbdata.secdef = def->seclabels[0];
cbdata.manager = mgr;
bool allowDiskFormatProbing = virSecurityManagerGetAllowDiskFormatProbing(mgr);
@@ -922,7 +930,7 @@ virSecuritySELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
virDomainDefPtr def = opaque;
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
}
@@ -932,7 +940,7 @@ virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
virDomainDefPtr def = opaque;
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
}
@@ -943,7 +951,7 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
int ret = -1;
if (secdef->norelabel)
@@ -1012,7 +1020,7 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUT
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
int ret = -1;
if (secdef->norelabel)
@@ -1065,7 +1073,7 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
char *in = NULL, *out = NULL;
int ret = -1;
@@ -1111,7 +1119,7 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
char *in = NULL, *out = NULL;
int ret = -1;
@@ -1204,7 +1212,7 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN
virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
int i;
int rc = 0;
@@ -1254,7 +1262,7 @@ static int
virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if (secdef->label != NULL) {
@@ -1279,7 +1287,7 @@ virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (secdef->norelabel)
return 0;
@@ -1293,7 +1301,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNU
virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (secdef->norelabel)
return 0;
@@ -1306,7 +1314,7 @@ static int
virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
@@ -1331,10 +1339,10 @@ virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
VIR_DEBUG("label=%s", secdef->label);
- if (def->seclabel.label == NULL)
+ if (def->seclabels[0]->label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1363,13 +1371,13 @@ virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
context_t execcon = NULL;
context_t proccon = NULL;
security_context_t scon = NULL;
int rc = -1;
- if (def->seclabel.label == NULL)
+ if (def->seclabels[0]->label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1433,7 +1441,7 @@ static int
virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
{
- const virSecurityLabelDefPtr secdef = &vm->seclabel;
+ const virSecurityLabelDefPtr secdef = vm->seclabels[0];
int rc = -1;
if (secdef->label == NULL)
@@ -1471,9 +1479,9 @@ virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
- if (def->seclabel.label == NULL)
+ if (def->seclabels[0]->label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1550,7 +1558,7 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
const char *stdin_path)
{
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
int i;
if (secdef->norelabel)
@@ -1611,7 +1619,7 @@ virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def,
int fd)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (secdef->imagelabel == NULL)
return 0;
@@ -1623,7 +1631,7 @@ static char *
virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
const char *range;
context_t ctx = NULL;
@@ -1660,7 +1668,7 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
char *opts = NULL;
- const virSecurityLabelDefPtr secdef = &def->seclabel;
+ const virSecurityLabelDefPtr secdef = def->seclabels[0];
if (! secdef->imagelabel)
secdef->imagelabel = virSecuritySELinuxGenImageLabel(mgr,def);
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index a767e21bef..aa4418a151 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -206,12 +206,15 @@ testBuildCapabilities(virConnectPtr conn) {
caps->privateDataAllocFunc = testDomainObjPrivateAlloc;
caps->privateDataFreeFunc = testDomainObjPrivateFree;
- caps->host.secModel.model = strdup("testSecurity");
- if (!caps->host.secModel.model)
+ caps->host.nsecModels = 1;
+ if (VIR_ALLOC_N(caps->host.secModels, caps->host.nsecModels) < 0)
+ goto no_memory;
+ caps->host.secModels[0].model = strdup("testSecurity");
+ if (!caps->host.secModels[0].model)
goto no_memory;
- caps->host.secModel.doi = strdup("");
- if (!caps->host.secModel.doi)
+ caps->host.secModels[0].doi = strdup("");
+ if (!caps->host.secModels[0].doi)
goto no_memory;
return caps;