[libvirt] Re: [RFC] sVirt 0.20

James Morris jmorris at namei.org
Mon Dec 15 00:17:30 UTC 2008

On Thu, 11 Dec 2008, Daniel P. Berrange wrote:

> >   * a virNodeInfo is a structure filled by virNodeGetInfo() and providing
> > @@ -504,6 +567,10 @@ int                     virDomainSetMaxMemory   (virDomainPtr domain,
> >  int                     virDomainSetMemory      (virDomainPtr domain,
> >                                                   unsigned long memory);
> >  int                     virDomainGetMaxVcpus    (virDomainPtr domain);
> > +int                     virDomainGetSecLabel	(virDomainPtr domain,
> > +                                                 virDomainSecLabelPtr seclabel);
> > +int                     virDomainGetSecModel	(virDomainPtr domain,
> > +                                                virDomainSecModelPtr secmodel);
> I'm leaning two ways on this. On the one hand I could see the
> virDomainGetSecModel being done against the node to match the
> fact that we record it in the node capabilities XML, so perhaps
> virNodeGetSecurityModel(virConnectPtr).

Actually, this is a call to get the node information, so I think the name 
should be changed.

> On the other hand, we already have this info against the node,

Which came from the above call.

> and conceivably you could have a domain configured with a model
> that doesn't match the node's model, so an explicit per-domain
> call is right. In that scenario, could we just put the security
> model data into the security label struct and have a single API

The domain doesn't have a security label until it's running, and then it 
must match the node's model, so I'm not sure we need to change anything 
except the name of virDomainGetSecModel (to virNodeGetSecurityMode).

- James
James Morris 
<jmorris at namei.org>

More information about the libvir-list mailing list