[libvirt] [PATCH libvirt-glib 6/5] Add support for setting security labels

Christophe Fergeau cfergeau at redhat.com
Thu Dec 1 09:44:14 UTC 2011


ACK apart from a few small nits below

On Wed, Nov 30, 2011 at 05:09:50PM +0000, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> Add support for the <seclabel> element via a new object
> GVirConfigDomainSeclabel.
> 
> * libvirt-gconfig-domain-seclabel.c, libvirt-gconfig-domain-seclabel.h,
>   Makefile.am, libvirt-gconfig.h, libvirt-gconfig.sym: New objects
> * libvirt-gconfig-domain.c, libvirt-gconfig-domain.h: API to
>   associate seclabel with a domain
> ---
>  libvirt-gconfig/Makefile.am                       |    2 +
>  libvirt-gconfig/libvirt-gconfig-domain-seclabel.c |  113 +++++++++++++++++++++
>  libvirt-gconfig/libvirt-gconfig-domain-seclabel.h |   76 ++++++++++++++
>  libvirt-gconfig/libvirt-gconfig-domain.c          |   10 ++
>  libvirt-gconfig/libvirt-gconfig-domain.h          |    2 +
>  libvirt-gconfig/libvirt-gconfig.h                 |    1 +
>  libvirt-gconfig/libvirt-gconfig.sym               |   10 ++
>  7 files changed, 214 insertions(+), 0 deletions(-)
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
> 
> diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
> index 7c9e8c0..ddae5fa 100644
> --- a/libvirt-gconfig/Makefile.am
> +++ b/libvirt-gconfig/Makefile.am
> @@ -25,6 +25,7 @@ GCONFIG_HEADER_FILES = \
>  			libvirt-gconfig-domain-interface.h \
>  			libvirt-gconfig-domain-interface-network.h \
>  			libvirt-gconfig-domain-os.h \
> +			libvirt-gconfig-domain-seclabel.h \
>  			libvirt-gconfig-domain-snapshot.h \
>  			libvirt-gconfig-domain-timer.h \
>  			libvirt-gconfig-domain-video.h \
> @@ -57,6 +58,7 @@ GCONFIG_SOURCE_FILES = \
>  			libvirt-gconfig-domain-interface.c \
>  			libvirt-gconfig-domain-interface-network.c \
>  			libvirt-gconfig-domain-os.c \
> +			libvirt-gconfig-domain-seclabel.c \
>  			libvirt-gconfig-domain-snapshot.c \
>  			libvirt-gconfig-domain-timer.c \
>  			libvirt-gconfig-domain-video.c \
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
> new file mode 100644
> index 0000000..61fbb48
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.c
> @@ -0,0 +1,113 @@
> +/*
> + * libvirt-gobject-config-domain-seclabel.c: libvirt glib integration
> + *
> + * Copyright (C) 2011 Red Hat
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPSECLABELE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Bseclabelton, MA 02111-1307  USA
> + *
> + * Author: Christophe Fergeau <cfergeau at gmail.com>

Same comment as all the other patches

> + */
> +
> +#include <config.h>
> +
> +#include <string.h>
> +
> +#include <libxml/tree.h>

This include can probably be removed from most of the new files you add in
this series.

> +
> +#include "libvirt-gconfig/libvirt-gconfig.h"
> +#include "libvirt-gconfig/libvirt-gconfig-helpers-private.h"
> +#include "libvirt-gconfig/libvirt-gconfig-object-private.h"
> +
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_GET_PRIVATE(obj)                         \
> +        (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelPrivate))
> +
> +struct _GVirConfigDomainSeclabelPrivate
> +{
> +    gboolean unused;
> +};
> +
> +G_DEFINE_TYPE(GVirConfigDomainSeclabel, gvir_config_domain_seclabel, GVIR_TYPE_CONFIG_OBJECT);
> +
> +
> +static void gvir_config_domain_seclabel_class_init(GVirConfigDomainSeclabelClass *klass)
> +{
> +    g_type_class_add_private(klass, sizeof(GVirConfigDomainSeclabelPrivate));
> +}
> +
> +
> +static void gvir_config_domain_seclabel_init(GVirConfigDomainSeclabel *seclabel)
> +{
> +    g_debug("Init GVirConfigDomainSeclabel=%p", seclabel);
> +
> +    seclabel->priv = GVIR_CONFIG_DOMAIN_SECLABEL_GET_PRIVATE(seclabel);
> +}
> +
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new(void)
> +{
> +    GVirConfigObject *object;
> +
> +    object = gvir_config_object_new(GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, "seclabel", NULL);
> +    return GVIR_CONFIG_DOMAIN_SECLABEL(object);
> +}
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new_from_xml(const gchar *xml, GError **error)
> +{
> +    GVirConfigObject *object;
> +
> +    object = gvir_config_object_new_from_xml(GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, "seclabel",
> +                                             NULL, xml, error);
> +    return GVIR_CONFIG_DOMAIN_SECLABEL(object);
> +}
> +
> +void gvir_config_domain_seclabel_set_type(GVirConfigDomainSeclabel *seclabel,
> +                                          GVirConfigDomainSeclabelType type)
> +{
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> +    gvir_config_object_set_attribute_with_type(GVIR_CONFIG_OBJECT(seclabel),
> +                                               "type",
> +                                               GVIR_TYPE_CONFIG_DOMAIN_SECLABEL_TYPE,
> +                                               type, NULL);
> +}
> +
> +void gvir_config_domain_seclabel_set_model(GVirConfigDomainSeclabel *seclabel,
> +                                           const gchar *model)
> +{
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> +    gvir_config_object_set_attribute(GVIR_CONFIG_OBJECT(seclabel),
> +                                     "model", model,
> +                                     NULL);
> +
> +}
> +
> +void gvir_config_domain_seclabel_set_baselabel(GVirConfigDomainSeclabel *seclabel,
> +                                               const char *label)
> +{
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> +    gvir_config_object_set_node_content(GVIR_CONFIG_OBJECT(seclabel),
> +                                        "baselabel", label);
> +}
> +
> +void gvir_config_domain_seclabel_set_label(GVirConfigDomainSeclabel *seclabel,
> +                                           const char *label)
> +{
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> +    gvir_config_object_set_node_content(GVIR_CONFIG_OBJECT(seclabel),
> +                                        "label", label);
> +}
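Review bot: The string setters gvir_config_domain_seclabel_set_model(), _set_baselabel() and _set_label() check only the object type and pass `model`/`label` unchecked to gvir_config_object_set_attribute() and gvir_config_object_set_node_content(), whose NULL handling is not visible in this hunk. These strings become the domain's `<seclabel>`, which determines how the guest is confined, so either reject NULL with `g_return_if_fail(label != NULL);` (and the same for `model`) or document that NULL clears the value. A gtk-doc comment on each setter should also state that, per libvirt's domain XML, `label` is the full label used with the static type and `baselabel` applies only to the dynamic type, since nothing here enforces that pairing. Separately, the licence header reads `PURPSECLABELE` and `Bseclabelton`, which looks like a search-and-replace of "os"; the same text appears in libvirt-gconfig-domain-seclabel.h.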
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
> new file mode 100644
> index 0000000..cfa37a1
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-domain-seclabel.h
> @@ -0,0 +1,76 @@
> +/*
> + * libvirt-gobject-domain-seclabel.c: libvirt gobject integration

.h

> + *
> + * Copyright (C) 2011 Red Hat
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPSECLABELE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Bseclabelton, MA 02111-1307  USA
> + *
> + * Author: Christophe Fergeau <cfergeau at gmail.com>
> + */
> +
> +#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
> +#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
> +#endif
> +
> +#ifndef __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__
> +#define __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__
> +
> +G_BEGIN_DECLS
> +
> +#define GVIR_TYPE_CONFIG_DOMAIN_SECLABEL            (gvir_config_domain_seclabel_get_type ())
> +#define GVIR_CONFIG_DOMAIN_SECLABEL(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabel))
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelClass))
> +#define GVIR_IS_CONFIG_DOMAIN_SECLABEL(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL))
> +#define GVIR_IS_CONFIG_DOMAIN_SECLABEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL))
> +#define GVIR_CONFIG_DOMAIN_SECLABEL_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_TYPE_CONFIG_DOMAIN_SECLABEL, GVirConfigDomainSeclabelClass))
> +
> +typedef struct _GVirConfigDomainSeclabel GVirConfigDomainSeclabel;
> +typedef struct _GVirConfigDomainSeclabelPrivate GVirConfigDomainSeclabelPrivate;
> +typedef struct _GVirConfigDomainSeclabelClass GVirConfigDomainSeclabelClass;
> +
> +struct _GVirConfigDomainSeclabel
> +{
> +    GVirConfigObject parent;
> +
> +    GVirConfigDomainSeclabelPrivate *priv;
> +
> +    /* Do not add fields to this struct */
> +};
> +
> +struct _GVirConfigDomainSeclabelClass
> +{
> +    GVirConfigObjectClass parent_class;
> +
> +    gpointer padding[20];
> +};
> +
> +typedef enum {
> +    GVIR_CONFIG_DOMAIN_SECLABEL_TYPE_DYNAMIC,
> +    GVIR_CONFIG_DOMAIN_SECLABEL_TYPE_STATIC
> +} GVirConfigDomainSeclabelType;
> +
> +GType gvir_config_domain_seclabel_get_type(void);
> +
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new(void);
> +GVirConfigDomainSeclabel *gvir_config_domain_seclabel_new_from_xml(const gchar *xml, GError **error);
> +
> +void gvir_config_domain_seclabel_set_type(GVirConfigDomainSeclabel *seclabel, GVirConfigDomainSeclabelType type);
> +void gvir_config_domain_seclabel_set_model(GVirConfigDomainSeclabel *seclabel, const gchar *model);
> +void gvir_config_domain_seclabel_set_baselabel(GVirConfigDomainSeclabel *seclabel, const gchar *label);
> +void gvir_config_domain_seclabel_set_label(GVirConfigDomainSeclabel *seclabel, const gchar *label);
> +
> +G_END_DECLS
> +
> +#endif /* __LIBVIRT_GCONFIG_DOMAIN_SECLABEL_H__ */
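Review bot: The header declares gvir_config_domain_seclabel_new_from_xml() but only setters, so a caller that parses existing domain XML has no way through this API to read back which security model, type or label it requests. The name `gvir_config_domain_seclabel_set_type` also leaves no natural name for a future getter, because `gvir_config_domain_seclabel_get_type` is already the GType function declared a few lines above. If getters are planned, it may be worth deciding the naming now; otherwise a comment above the prototypes, e.g. `/* write-only for now: no accessors for type/model/label */`, would make the limitation explicit.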
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain.c b/libvirt-gconfig/libvirt-gconfig-domain.c
> index 8fb1a2b..d83baea 100644
> --- a/libvirt-gconfig/libvirt-gconfig-domain.c
> +++ b/libvirt-gconfig/libvirt-gconfig-domain.c
> @@ -298,6 +298,16 @@ void gvir_config_domain_set_os(GVirConfigDomain *domain,
>                                GVIR_CONFIG_OBJECT(os));
>  }
>  
> +void gvir_config_domain_set_seclabel(GVirConfigDomain *domain,
> +                                     GVirConfigDomainSeclabel *seclabel)
> +{
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN(domain));
> +    g_return_if_fail(GVIR_IS_CONFIG_DOMAIN_SECLABEL(seclabel));
> +
> +    gvir_config_object_attach(GVIR_CONFIG_OBJECT(domain),
> +                              GVIR_CONFIG_OBJECT(seclabel));
> +}
> +
>  /**
>   * gvir_config_domain_set_devices:
>   * @devices: (in) (element-type LibvirtGConfig.DomainDevice):
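Review bot: gvir_config_domain_set_seclabel() has no gtk-doc comment, unlike gvir_config_domain_set_devices() directly below it, and it does not say what happens on a second call. Whether gvir_config_object_attach() replaces an existing `<seclabel>` child or appends another one is not visible in this hunk, and for a security label that difference should be documented. I would add a `/** gvir_config_domain_set_seclabel: ... */` block naming `@domain` and `@seclabel` and stating the replace-or-append behaviour.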
> diff --git a/libvirt-gconfig/libvirt-gconfig-domain.h b/libvirt-gconfig/libvirt-gconfig-domain.h
> index c97ff46..6d4195f 100644
> --- a/libvirt-gconfig/libvirt-gconfig-domain.h
> +++ b/libvirt-gconfig/libvirt-gconfig-domain.h
> @@ -87,6 +87,8 @@ void gvir_config_domain_set_clock(GVirConfigDomain *domain,
>                                    GVirConfigDomainClock *klock);
>  void gvir_config_domain_set_os(GVirConfigDomain *domain,
>                                 GVirConfigDomainOs *os);
> +void gvir_config_domain_set_seclabel(GVirConfigDomain *domain,
> +                                     GVirConfigDomainSeclabel *seclabel);
>  void gvir_config_domain_set_devices(GVirConfigDomain *domain,
>                                      GList *devices);
>  void gvir_config_domain_add_device(GVirConfigDomain *domain,
> diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
> index 80ca6f1..ed44682 100644
> --- a/libvirt-gconfig/libvirt-gconfig.h
> +++ b/libvirt-gconfig/libvirt-gconfig.h
> @@ -41,6 +41,7 @@
>  #include <libvirt-gconfig/libvirt-gconfig-domain-interface.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-interface-network.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-os.h>
> +#include <libvirt-gconfig/libvirt-gconfig-domain-seclabel.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-snapshot.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-timer.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-video.h>
> diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
> index 9236101..b222783 100644
> --- a/libvirt-gconfig/libvirt-gconfig.sym
> +++ b/libvirt-gconfig/libvirt-gconfig.sym
> @@ -19,6 +19,7 @@ LIBVIRT_GCONFIG_0.0.1 {
>  	gvir_config_domain_get_name;
>  	gvir_config_domain_set_name;
>  	gvir_config_domain_set_os;
> +	gvir_config_domain_set_seclabel;
>  	gvir_config_domain_get_vcpus;
>  	gvir_config_domain_set_vcpus;
>  	gvir_config_domain_get_virt_type;
> @@ -119,6 +120,15 @@ LIBVIRT_GCONFIG_0.0.1 {
>  	gvir_config_domain_snapshot_new;
>  	gvir_config_domain_snapshot_new_from_xml;
>  
> +	gvir_config_domain_seclabel_get_type;
> +	gvir_config_domain_seclabel_type_get_type;
> +	gvir_config_domain_seclabel_new;
> +	gvir_config_domain_seclabel_new_from_xml;
> +	gvir_config_domain_seclabel_set_type;
> +	gvir_config_domain_seclabel_set_model;
> +	gvir_config_domain_seclabel_set_baselabel;
> +	gvir_config_domain_seclabel_set_label;
> +
>  	gvir_config_domain_timer_get_type;
>  	gvir_config_domain_timer_new;
>  	gvir_config_domain_timer_new_from_xml;
> -- 
> 1.7.6.4
> 