schema: rewrite seclabel rng to match code

The RNG for <seclabel> was too strict - if it was present, then it
had to have sub-elements, even if those didn't make sense for the
given attributes.  Also, we didn't have any tests of <seclabel>
parsing or XML output.

In this patch, I added more parsing tests than output tests (since
the output populates and/or reorders fields not present in certain
inputs).  Making the RNG reliable is a precursor to using <seclabel>
variants in more places in the XML in later patches.

See also:
http://berrange.com/posts/2011/09/29/two-small-improvements-to-svirt-guest-configuration-flexibility-with-kvmlibvirt/

* docs/schemas/domaincommon.rng (seclabel): Tighten rules.
* tests/qemuxml2argvtest.c (mymain): New tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*.*: New files.

docs/schemas/domaincommon.rng

@@ -50,30 +50,70 @@
   </define>
   <define name="seclabel">
     <element name="seclabel">
-      <attribute name="model">
-        <text/>
-      </attribute>
-      <attribute name="type">
-        <choice>
-          <value>dynamic</value>
-          <value>static</value>
-        </choice>
-      </attribute>
-      <attribute name="relabel">
-        <choice>
-          <value>yes</value>
-          <value>no</value>
-        </choice>
-      </attribute>
-      <element name="label">
-        <text/>
-      </element>
-      <element name="imagelabel">
-        <text/>
-      </element>
-      <element name="baselabel">
-        <text/>
-      </element>
+      <optional>
+        <attribute name='model'>
+          <text/>
+        </attribute>
+      </optional>
+      <choice>
+        <group>
+          <!-- with dynamic label (default), relabel must be yes, baselabel
+               is optional, and label and imagelabel are output-only -->
+          <optional>
+            <attribute name='type'>
+              <value>dynamic</value>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name='relabel'>
+              <value>yes</value>
+            </attribute>
+          </optional>
+          <interleave>
+            <optional>
+              <element name='label'>
+                <text/>
+              </element>
+            </optional>
+            <optional>
+              <element name='imagelabel'>
+                <text/>
+              </element>
+            </optional>
+            <optional>
+              <element name='baselabel'>
+                <text/>
+              </element>
+            </optional>
+          </interleave>
+        </group>
+        <group>
+          <!-- with static label, relabel can be either format (default
+               no), label is required, imagelabel is output-only, and no
+               baselabel is present -->
+          <attribute name='type'>
+            <value>static</value>
+          </attribute>
+          <optional>
+            <attribute name='relabel'>
+              <choice>
+                <value>yes</value>
+                <value>no</value>
+              </choice>
+            </attribute>
+          </optional>
+          <interleave>
+            <element name='label'>
+              <text/>
+            </element>
+            <optional>
+              <element name='imagelabel'>
+                <text/>
+              </element>
+            </optional>
+          </interleave>
+        </group>
+      </choice>
     </element>
   </define>
   <define name="hvs">

tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args

+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
+pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
+server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
+none -parallel none -usb

tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.xml

+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory>219100</memory>
+  <currentMemory>219100</currentMemory>
+  <vcpu cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='dynamic' model='selinux' relabel='yes'>
+    <baselabel>system_u:system_r:svirt_custom_t:s0</baselabel>
+  </seclabel>
+</domain>

tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args

+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
+pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
+server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
+none -parallel none -usb

tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.xml

+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory>219100</memory>
+  <currentMemory>219100</currentMemory>
+  <vcpu cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='dynamic' relabel='yes'/>
+</domain>

tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args

+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
+pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
+server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
+none -parallel none -usb

tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.xml

+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory>219100</memory>
+  <currentMemory>219100</currentMemory>
+  <vcpu cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='static' model='selinux' relabel='yes'>
+    <label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
+    <imagelabel>system_u:system_r:svirt_custom_t:s0:c192,c392</imagelabel>
+  </seclabel>
+</domain>

tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args

+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
+pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
+server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
+none -parallel none -usb

tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.xml

+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory>219100</memory>
+  <currentMemory>219100</currentMemory>
+  <vcpu cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='static' model='selinux' relabel='no'>
+    <label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
+  </seclabel>
+</domain>

tests/qemuxml2argvtest.c

@@ -660,6 +660,11 @@ mymain(void)
             QEMU_CAPS_CHARDEV, QEMU_CAPS_MONITOR_JSON, QEMU_CAPS_NODEFCONFIG,
             QEMU_CAPS_NO_SHUTDOWN);
 
+    DO_TEST("seclabel-dynamic", false, QEMU_CAPS_NAME);
+    DO_TEST("seclabel-dynamic-baselabel", false, QEMU_CAPS_NAME);
+    DO_TEST("seclabel-static", false, QEMU_CAPS_NAME);
+    DO_TEST("seclabel-static-relabel", false, QEMU_CAPS_NAME);
+
     free(driver.stateDir);
     virCapabilitiesFree(driver.caps);
     free(map);

tests/qemuxml2xmltest.c

@@ -194,6 +194,9 @@ mymain(void)
     DO_TEST("usb-redir");
     DO_TEST("blkdeviotune");
 
+    DO_TEST("seclabel-dynamic-baselabel");
+    DO_TEST("seclabel-static");
+
     /* These tests generate different XML */
     DO_TEST_DIFFERENT("balloon-device-auto");
     DO_TEST_DIFFERENT("channel-virtio-auto");