[libvirt] [PATCH 3/4] Fill in secret UUID for qcow encryption
Daniel Veillard
veillard at redhat.com
Fri Sep 11 16:18:41 UTC 2009
On Fri, Sep 11, 2009 at 03:19:19PM +0100, Daniel P. Berrange wrote:
> * src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
> for storage volumes using encryption
> ---
> src/storage_backend_fs.c | 41 ++++++++++++++++++++++++++++++++++++++++-
> 1 files changed, 40 insertions(+), 1 deletions(-)
>
> diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c
> index 5ff0ed8..01cb171 100644
> --- a/src/storage_backend_fs.c
> +++ b/src/storage_backend_fs.c
> @@ -430,6 +430,11 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
> }
> enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
> *encryption = enc;
> + /* XXX ideally we'd fill in secret UUID here
> + * but we cannot guarentee 'conn' is non-NULL
> + * at this point in time :-( So we only fill
> + * in secrets when someone first queries a vol
> + */
> }
> return 0;
> }
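Review bot: The new XXX comment in virStorageBackendProbeTarget says secrets are filled in "when someone first queries a vol" but does not name the code that does it. Naming the refresh path, presumably the one this patch touches, would make the deferred step findable, e.g. `* in secrets from virStorageBackendFileSystemVolRefresh()`. It is also worth stating in the comment that `*encryption` leaves this function with the QCOW format set and no secrets attached, so readers of the definition before the first refresh must not assume a secret reference is present. `guarentee` should be spelled `guarantee`. The function body starts outside the hunk.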
> @@ -1230,8 +1235,42 @@ virStorageBackendFileSystemVolRefresh(virConnectPtr conn,
> virStoragePoolObjPtr pool ATTRIBUTE_UNUSED,
> virStorageVolDefPtr vol)
> {
> + int ret;
> +
> /* Refresh allocation / permissions info in case its changed */
> - return virStorageBackendUpdateVolInfo(conn, vol, 0);
> + ret = virStorageBackendUpdateVolInfo(conn, vol, 0);
> + if (ret < 0)
> + return ret;
> +
> + /* Load any secrets if posible */
> + if (vol->target.encryption &&
> + vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW &&
> + vol->target.encryption->nsecrets == 0) {
> + virSecretPtr sec;
> + virStorageEncryptionSecretPtr encsec = NULL;
> +
> + sec = virSecretLookupByUsage(conn,
> + VIR_SECRET_USAGE_TYPE_VOLUME,
> + vol->target.path);
> + if (sec) {
> + if (VIR_ALLOC_N(vol->target.encryption->secrets, 1) < 0 ||
> + VIR_ALLOC(encsec) < 0) {
> + VIR_FREE(vol->target.encryption->secrets);
> + virReportOOMError(conn);
> + virSecretFree(sec);
> + return -1;
> + }
> +
> + vol->target.encryption->nsecrets = 1;
> + vol->target.encryption->secrets[0] = encsec;
> +
> + encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
> + virSecretGetUUID(sec, encsec->uuid);
> + virSecretFree(sec);
> + }
> + }
> +
> + return 0;
> }
>
> virStorageBackend virStorageBackendDirectory = {
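Review bot: The return value of `virSecretGetUUID(sec, encsec->uuid)` is ignored, and by that point `nsecrets` is already 1 and `secrets[0]` already points at `encsec`. A failed call would therefore leave the volume advertising a secret whose UUID was never filled in (all zeros if VIR_ALLOC zero-fills, which should be confirmed). Fetching the UUID before publishing `encsec` into `vol->target.encryption`, and unwinding on failure, keeps the volume definition unchanged on every error path. Separately, the function still returns 0 when `virSecretLookupByUsage` finds nothing; if that lookup reports an error on `conn`, it may need resetting so a successful refresh does not leave a stale error behind. The comment typo `posible` should read `possible`.

```c
        if (sec) {
            /* … unchanged: VIR_ALLOC_N / VIR_ALLOC with OOM handling … */

            encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
            if (virSecretGetUUID(sec, encsec->uuid) < 0) {
                VIR_FREE(encsec);
                VIR_FREE(vol->target.encryption->secrets);
                virSecretFree(sec);
                return -1;
            }
            virSecretFree(sec);

            /* Publish only once the entry is fully populated */
            vol->target.encryption->secrets[0] = encsec;
            vol->target.encryption->nsecrets = 1;
        }
```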
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/