[libvirt] [PATCH libvirt-glib 6/5] Add support for setting security labels
Christophe Fergeau
cfergeau at redhat.com
Thu Dec 1 09:44:14 UTC 2011
ACK apart a few small nits below
On Wed, Nov 30, 2011 at 05:09:50PM +0000, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> Add support for the <seclabel> element via a new object
> GVirConfigDomainSeclabel.
>
> * libvirt-gconfig-domain-seclabel.c, libvirt-gconfig-domain-seclabel.h,
> Makefile.am, libvirt-gconfig.h, libvirt-gconfig.sym: New objects
> * libvirt-gconfig-domain.c, libvirt-gconfig-domain.h: API to
> associate seclabel with an domain
> ---
> libvirt-gconfig/Makefile.am | 2 +
> libvirt-gconfig/libvirt-gconfig-domain-seclabel.c | 113 +++++++++++++++++++++
> libvirt-gconfig/libvirt-gconfig-domain-seclabel.h | 76 ++++++++++++++
> libvirt-gconfig/libvirt-gconfig-domain.c | 10 ++
> libvirt-gconfig/libvirt-gconfig-domain.h | 2 +
> libvirt-gconfig/libvirt-gconfig.h | 1 +
> libvirt-gconfig/libvirt-gconfig.sym | 10 ++
> 7 files changed, 214 insertions(+), 0 deletions(-)
> create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
> create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
>
> diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
> index 7c9e8c0..ddae5fa 100644
> --- a/libvirt-gconfig/Makefile.am
> +++ b/libvirt-gconfig/Makefile.am
> @@ -25,6 +25,7 @@ GCONFIG_HEADER_FILES = \
> libvirt-gconfig-domain-interface.h \
> libvirt-gconfig-domain-interface-network.h \
> libvirt-gconfig-domain-os.h \
> + libvirt-gconfig-domain-seclabel.h \
> libvirt-gconfig-domain-snapshot.h \
> libvirt-gconfig-domain-timer.h \
> libvirt-gconfig-domain-video.h \
> @@ -57,6 +58,7 @@ GCONFIG_SOURCE_FILES = \
> libvirt-gconfig-domain-interface.c \
> libvirt-gconfig-domain-interface-network.c \
> libvirt-gconfig-domain-os.c \
> + libvirt-gconfig-domain-seclabel.c \
> libvirt-gconfig-domain-snapshot.c \
> libvirt-gconfig-domain-timer.c \
> libvirt-gconfig-domain-video.c \
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
> new file mode 100644
> index 0000000..61fbb48
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
> @@ -0,0 +1,113 @@
> +/*
> + * libvirt-gobject-config-domain-seclabel.c: libvirt glib integration
> + *
> + * Copyright (C) 2011 Red Hat
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPSECLABELE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Bseclabelton, MA 02111-1307 USA
> + *
> + * Author: Christophe Fergeau <cfergeau at gmail.com>
Same comment as all the other patches
> + */
> +
> +#include <config.h>
> +
> +#include <string.h>
> +
> +#include <libxml/tree.h>
This include can probably be removed from most of the new files you add in
this series.
> +
> +#include "libvirt-gconfig/libvirt-gconfig.h"
> +#include "libvirt-gconfig/libvirt-gconfig-helpers-private.h"
> +#include "libvirt-gconfig/libvirt-gconfig-object-private.h"
> +
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_GET_PRIVATE(obj) \
> + (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelPrivate))
> +
> +struct _GVirConfigDomainSeclabelPrivate
> +{
> + gboolean unused;
> +};
> +
> +G_DEFINE_TYPE(GVirConfigDomainSeclabel, gvir_config_domain_seclabel, GVIR_TYPE_CONFIG_OBJECT);
> +
> +
> +static void gvir_config_domain_seclabel_class_init(GVirConfigDomainSeclabelClass *klass)
> +{
> + g_type_class_add_private(klass, sizeof(GVirConfigDomainSeclabelPrivate));
> +}
> +
> +
> +static void gvir_config_domain_seclabel_init(GVirConfigDomainSeclabel *seclabel)
> +{
> + g_debug("Init GVirConfigDomainSeclabel=%p", seclabel);
> +
> + seclabel->priv = GVIR_CONFIG_DOMAIN_SECLABEL_GET_PRIVATE(seclabel);
> +}
> +
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new(void)
> +{
> + GVirConfigObject *object;
> +
> + object = gvir_config_object_new(GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, "seclabel", NULL);
> + return GVIR_CONFIG_DOMAIN_SECLABEL(object);
> +}
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new_from_xml(const gchar *xml, GError **error)
> +{
> + GVirConfigObject *object;
> +
> + object = gvir_config_object_new_from_xml(GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, "seclabel",
> + NULL, xml, error);
> + return GVIR_CONFIG_DOMAIN_SECLABEL(object);
> +}
> +
> +void gvir_config_domain_seclabel_set_type(GVirConfigDomainSeclabel *seclabel,
> + GVirConfigDomainSeclabelType type)
> +{
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> + gvir_config_object_set_attribute_with_type(GVIR_CONFIG_OBJECT(seclabel),
> + "type",
> + GVIR_TYPE_CONFIG_DOMAIN_SECLABEL_TYPE,
> + type, NULL);
> +}
> +
> +void gvir_config_domain_seclabel_set_model(GVirConfigDomainSeclabel *seclabel,
> + const gchar *model)
> +{
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> + gvir_config_object_set_attribute(GVIR_CONFIG_OBJECT(seclabel),
> + "model", model,
> + NULL);
> +
> +}
> +
> +void gvir_config_domain_seclabel_set_baselabel(GVirConfigDomainSeclabel *seclabel,
> + const char *label)
> +{
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> + gvir_config_object_set_node_content(GVIR_CONFIG_OBJECT(seclabel),
> + "baselabel", label);
> +}
> +
> +void gvir_config_domain_seclabel_set_label(GVirConfigDomainSeclabel *seclabel,
> + const char *label)
> +{
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> + gvir_config_object_set_node_content(GVIR_CONFIG_OBJECT(seclabel),
> + "label", label);
> +}
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
> new file mode 100644
> index 0000000..cfa37a1
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
> @@ -0,0 +1,76 @@
> +/*
> + * libvirt-gobject-domain-seclabel.c: libvirt gobject integration
.h
> + *
> + * Copyright (C) 2011 Red Hat
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPSECLABELE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Bseclabelton, MA 02111-1307 USA
> + *
> + * Author: Christophe Fergeau <cfergeau at gmail.com>
> + */
> +
> +#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
> +#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
> +#endif
> +
> +#ifndef __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__
> +#define __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__
> +
> +G_BEGIN_DECLS
> +
> +#define GVIR_TYPE_CONFIG_DOMAIN_SECLABEL (gvir_config_domain_seclabel_get_type ())
> +#define GVIR_CONFIG_DOMAIN_SECLABEL(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabel))
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelClass))
> +#define GVIR_IS_CONFIG_DOMAIN_SECLABEL(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL))
> +#define GVIR_IS_CONFIG_DOMAIN_SECLABEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL))
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelClass))
> +
> +typedef struct _GVirConfigDomainSeclabel GVirConfigDomainSeclabel;
> +typedef struct _GVirConfigDomainSeclabelPrivate GVirConfigDomainSeclabelPrivate;
> +typedef struct _GVirConfigDomainSeclabelClass GVirConfigDomainSeclabelClass;
> +
> +struct _GVirConfigDomainSeclabel
> +{
> + GVirConfigObject parent;
> +
> + GVirConfigDomainSeclabelPrivate *priv;
> +
> + /* Do not add fields to this struct */
> +};
> +
> +struct _GVirConfigDomainSeclabelClass
> +{
> + GVirConfigObjectClass parent_class;
> +
> + gpointer padding[20];
> +};
> +
> +typedef enum {
> + GVIR_CONFIG_DOMAIN_SECLABEL_TYPE_DYNAMIC,
> + GVIR_CONFIG_DOMAIN_SECLABEL_TYPE_STATIC
> +} GVirConfigDomainSeclabelType;
> +
> +GType gvir_config_domain_seclabel_get_type(void);
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new(void);
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new_from_xml(const gchar *xml, GError **error);
> +
> +void gvir_config_domain_seclabel_set_type(GVirConfigDomainSeclabel *seclabel, GVirConfigDomainSeclabelType type);
> +void gvir_config_domain_seclabel_set_model(GVirConfigDomainSeclabel *seclabel, const gchar *model);
> +void gvir_config_domain_seclabel_set_baselabel(GVirConfigDomainSeclabel *seclabel, const gchar *label);
> +void gvir_config_domain_seclabel_set_label(GVirConfigDomainSeclabel *seclabel, const gchar *label);
> +
> +G_END_DECLS
> +
> +#endif /* __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__ */
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain.c b/libvirt-gconfig/libvirt-gconfig-domain.c
> index 8fb1a2b..d83baea 100644
> --- a/libvirt-gconfig/libvirt-gconfig-domain.c
> +++ b/libvirt-gconfig/libvirt-gconfig-domain.c
> @@ -298,6 +298,16 @@ void gvir_config_domain_set_os(GVirConfigDomain *domain,
> GVIR_CONFIG_OBJECT(os));
> }
>
> +void gvir_config_domain_set_seclabel(GVirConfigDomain *domain,
> + GVirConfigDomainSeclabel *seclabel)
> +{
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN(domain));
> + g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> + gvir_config_object_attach(GVIR_CONFIG_OBJECT(domain),
> + GVIR_CONFIG_OBJECT(seclabel));
> +}
> +
> /**
> * gvir_config_domain_set_devices:
> * @devices: (in) (element-type LibvirtGConfig.DomainDevice):
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain.h b/libvirt-gconfig/libvirt-gconfig-domain.h
> index c97ff46..6d4195f 100644
> --- a/libvirt-gconfig/libvirt-gconfig-domain.h
> +++ b/libvirt-gconfig/libvirt-gconfig-domain.h
> @@ -87,6 +87,8 @@ void gvir_config_domain_set_clock(GVirConfigDomain *domain,
> GVirConfigDomainClock *klock);
> void gvir_config_domain_set_os(GVirConfigDomain *domain,
> GVirConfigDomainOs *os);
> +void gvir_config_domain_set_seclabel(GVirConfigDomain *domain,
> + GVirConfigDomainSeclabel *seclabel);
> void gvir_config_domain_set_devices(GVirConfigDomain *domain,
> GList *devices);
> void gvir_config_domain_add_device(GVirConfigDomain *domain,
> diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
> index 80ca6f1..ed44682 100644
> --- a/libvirt-gconfig/libvirt-gconfig.h
> +++ b/libvirt-gconfig/libvirt-gconfig.h
> @@ -41,6 +41,7 @@
> #include <libvirt-gconfig/libvirt-gconfig-domain-interface.h>
> #include <libvirt-gconfig/libvirt-gconfig-domain-interface-network.h>
> #include <libvirt-gconfig/libvirt-gconfig-domain-os.h>
> +#include <libvirt-gconfig/libvirt-gconfig-domain-seclabel.h>
> #include <libvirt-gconfig/libvirt-gconfig-domain-snapshot.h>
> #include <libvirt-gconfig/libvirt-gconfig-domain-timer.h>
> #include <libvirt-gconfig/libvirt-gconfig-domain-video.h>
> diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
> index 9236101..b222783 100644
> --- a/libvirt-gconfig/libvirt-gconfig.sym
> +++ b/libvirt-gconfig/libvirt-gconfig.sym
> @@ -19,6 +19,7 @@ LIBVIRT_GCONFIG_0.0.1 {
> gvir_config_domain_get_name;
> gvir_config_domain_set_name;
> gvir_config_domain_set_os;
> + gvir_config_domain_set_seclabel;
> gvir_config_domain_get_vcpus;
> gvir_config_domain_set_vcpus;
> gvir_config_domain_get_virt_type;
> @@ -119,6 +120,15 @@ LIBVIRT_GCONFIG_0.0.1 {
> gvir_config_domain_snapshot_new;
> gvir_config_domain_snapshot_new_from_xml;
>
> + gvir_config_domain_seclabel_get_type;
> + gvir_config_domain_seclabel_type_get_type;
> + gvir_config_domain_seclabel_new;
> + gvir_config_domain_seclabel_new_from_xml;
> + gvir_config_domain_seclabel_set_type;
> + gvir_config_domain_seclabel_set_model;
> + gvir_config_domain_seclabel_set_baselabel;
> + gvir_config_domain_seclabel_set_label;
> +
> gvir_config_domain_timer_get_type;
> gvir_config_domain_timer_new;
> gvir_config_domain_timer_new_from_xml;
> --
> 1.7.6.4
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20111201/1a953de1/attachment-0001.sig>
More information about the libvir-list
mailing list