[libvirt] Re: [RFC] sVirt 0.20
James Morris
jmorris at namei.org
Mon Dec 15 00:17:30 UTC 2008
On Thu, 11 Dec 2008, Daniel P. Berrange wrote:
> > * a virNodeInfo is a structure filled by virNodeGetInfo() and providing
> > @@ -504,6 +567,10 @@ int virDomainSetMaxMemory (virDomainPtr domain,
> > int virDomainSetMemory (virDomainPtr domain,
> > unsigned long memory);
> > int virDomainGetMaxVcpus (virDomainPtr domain);
> > +int virDomainGetSecLabel (virDomainPtr domain,
> > + virDomainSecLabelPtr seclabel);
> > +int virDomainGetSecModel (virDomainPtr domain,
> > + virDomainSecModelPtr secmodel);
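Review bot: The two added prototypes, virDomainGetSecLabel and virDomainGetSecModel, have no accompanying comment stating what the int return value means, whether the caller must allocate the struct passed as seclabel or secmodel, or what is reported for a domain that has no label to return. Document these next to the declarations so callers do not read an unfilled struct as a valid label or model.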
>
> I'm leaning two ways on this. On the one hand I could see the
> virDomainGetSecModel being done against the node to match the
> fact that we record it in the node capabilities XML, so perhaps
> virNodeGetSecurityModel(virConnectPtr).
Actually, this is a call to get the node information, so I think the name
should be changed.
> On the other hand, we already have this info against the node,
Which came from the above call.
> and conceivably you could have a domain configured with a model
> that doesn't match the node's model, so an explicit per-domain
> call is right. In that scenario, could we just put the security
> model data into the security label struct and have a single API
The domain doesn't have a security label until it's running, and then it
must match the node's model, so I'm not sure we need to change anything
except the name of virDomainGetSecModel (to virNodeGetSecurityMode).
- James
--
James Morris
<jmorris at namei.org>