[libvirt] [PATCH v7 2/2] bhyve: add ACL support

Daniel P. Berrange berrange at redhat.com
Tue Feb 11 11:21:47 UTC 2014


On Sun, Feb 09, 2014 at 06:46:13PM +0400, Roman Bogorodskiy wrote:
> ---
>  src/Makefile.am          |  5 ++--
>  src/bhyve/bhyve_driver.c | 63 ++++++++++++++++++++++++++++++++++++++++++++----
>  2 files changed, 61 insertions(+), 7 deletions(-)
> 
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 3567d13..d0aa18d 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -1330,8 +1330,9 @@ noinst_LTLIBRARIES += libvirt_driver_bhyve.la
>  endif ! WITH_DRIVER_MODULES
>  
>  libvirt_driver_bhyve_impl_la_CFLAGS = \
> -               -I$(top_srcdir)/src/conf \
> -               $(AM_CFLAGS)
> +	-I$(top_srcdir)/src/access \
> +	-I$(top_srcdir)/src/conf \
> +	$(AM_CFLAGS)
>  libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS)
>  libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES)
>  endif WITH_BHYVE
> diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
> index e8e082b..2d2e54e 100644
> --- a/src/bhyve/bhyve_driver.c
> +++ b/src/bhyve/bhyve_driver.c
> @@ -47,6 +47,7 @@
>  #include "virrandom.h"
>  #include "virstring.h"
>  #include "cpu/cpu.h"
> +#include "viraccessapicheck.h"
>  
>  #include "bhyve_driver.h"
>  #include "bhyve_process.h"
> @@ -101,6 +102,9 @@ bhyveConnectGetCapabilities(virConnectPtr conn)
>      bhyveConnPtr privconn = conn->privateData;
>      char *xml;
>  
> +    if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
> +        return NULL;
> +
>      bhyveDriverLock(privconn);
>      if ((xml = virCapabilitiesFormatXML(privconn->caps)) == NULL)
>          virReportOOMError();
> @@ -157,6 +161,9 @@ bhyveConnectOpen(virConnectPtr conn,
>           return VIR_DRV_OPEN_ERROR;
>       }
>  
> +     if (virConnectOpenEnsureACL(conn) < 0)
> +         return VIR_DRV_OPEN_ERROR;
> +
>       conn->privateData = bhyve_driver;
>  
>       return VIR_DRV_OPEN_SUCCESS;
> @@ -173,6 +180,9 @@ bhyveConnectClose(virConnectPtr conn)
>  static char *
>  bhyveConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
>  {
> +    if (virConnectGetHostnameEnsureACL(conn) < 0)
> +        return NULL;
> +
>      return virGetHostname();
>  }
>  
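Review bot: `conn` is still marked `ATTRIBUTE_UNUSED` in the signature of bhyveConnectGetHostname even though the added `virConnectGetHostnameEnsureACL(conn)` call now uses it; the same applies to the `conn` parameter of bhyveConnectGetVersion in the next hunk. The annotation presumably does not break the build, but it tells readers that the connection plays no part in the function, which is no longer true now that authorization depends on it. The signature should read `bhyveConnectGetHostname(virConnectPtr conn)`, with the annotation dropped from bhyveConnectGetVersion as well.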
> @@ -181,6 +191,9 @@ bhyveConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long *versi
>  {
>      struct utsname ver;
>  
> +    if (virConnectGetVersionEnsureACL(conn) < 0)
> +        return -1;
> +
>      uname(&ver);
>  
>      if (virParseVersionString(ver.release, version, true) < 0) {
> @@ -201,6 +214,9 @@ bhyveDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info)
>      if (!(vm = bhyveDomObjFromDomain(domain)))
>          goto cleanup;
>  
> +    if (virDomainGetInfoEnsureACL(domain->conn, vm->def) < 0)
> +        goto cleanup;
> +
>      info->state = virDomainObjGetState(vm, NULL);
>      info->maxMem = vm->def->mem.max_balloon;
>      info->nrVirtCpu = vm->def->vcpus;
> @@ -226,6 +242,9 @@ bhyveDomainGetState(virDomainPtr domain,
>      if (!(vm = bhyveDomObjFromDomain(domain)))
>          goto cleanup;
>  
> +    if (virDomainGetStateEnsureACL(domain->conn, vm->def) < 0)
> +       goto cleanup;
> +
>      *state = virDomainObjGetState(vm, reason);
>      ret = 0;
>  
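Review bot: The `goto cleanup;` under the added `virDomainGetStateEnsureACL` check is indented by seven spaces, while the other added checks in this patch indent the body by eight. Re-indent it to `        goto cleanup;` so the authorization checks read uniformly across the driver. The body of bhyveDomainGetState starts and ends outside the hunk.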
> @@ -244,6 +263,9 @@ bhyveDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
>      if (!(vm = bhyveDomObjFromDomain(domain)))
>          goto cleanup;
>  
> +    if (virDomainGetXMLDescEnsureACL(domain->conn, vm->def, flags) < 0)
> +        goto cleanup;
> +
>      ret = virDomainDefFormat(vm->def, flags);
>  
>  cleanup:
> @@ -269,6 +291,9 @@ bhyveDomainDefineXML(virConnectPtr conn, const char *xml)
>          goto cleanup;
>      }
>  
> +    if (virDomainDefineXMLEnsureACL(conn, def) < 0)
> +        goto cleanup;
> +
>      if (!(vm = virDomainObjListAdd(privconn->domains, def,
>                                     privconn->xmlopt,
>                                     0, &oldDef)))
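Review bot: The denial path of the added `virDomainDefineXMLEnsureACL` check jumps to `cleanup` while `def` has not yet been handed to `virDomainObjListAdd`, and the `cleanup` label is outside this hunk, so it is not visible here whether `def` is released on that path. If `cleanup` does not already free it, every rejected define request would leak a parsed definition. It is worth confirming that and adding a short comment above the check, such as `/* def is still owned by this function; cleanup releases it if access is denied */`. bhyveDomainDefineXML starts before the hunk and continues after it.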
> @@ -296,8 +321,11 @@ bhyveConnectListDomains(virConnectPtr conn, int *ids, int maxids)
>      bhyveConnPtr privconn = conn->privateData;
>      int n;
>  
> +    if (virConnectListDomainsEnsureACL(conn) < 0)
> +        return -1;
> +
>      n = virDomainObjListGetActiveIDs(privconn->domains, ids, maxids,
> -                                     NULL, NULL);
> +                                     virConnectListDomainsCheckACL, conn);
>  
>      return n;
>  }
> @@ -308,8 +336,11 @@ bhyveConnectNumOfDomains(virConnectPtr conn)
>      bhyveConnPtr privconn = conn->privateData;
>      int count;
>  
> +    if (virConnectNumOfDomainsEnsureACL(conn) < 0)
> +        return -1;
> +
>      count = virDomainObjListNumOfDomains(privconn->domains, true,
> -                                         NULL, NULL);
> +                                         virConnectNumOfDomainsCheckACL, conn);
>  
>      return count;
>  }
> @@ -321,9 +352,12 @@ bhyveConnectListDefinedDomains(virConnectPtr conn, char **const names,
>      bhyveConnPtr privconn = conn->privateData;
>      int n;
>  
> +    if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
> +        return -1;
> +
>      memset(names, 0, sizeof(*names) * maxnames);
>      n = virDomainObjListGetInactiveNames(privconn->domains, names,
> -                                         maxnames, NULL, NULL);
> +                                         maxnames, virConnectListDefinedDomainsCheckACL, conn);
>  
>      return n;
>  }
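Review bot: The replacement argument line `maxnames, virConnectListDefinedDomainsCheckACL, conn);` runs well past 80 columns once its continuation indent is counted, and the `virConnectNumOfDefinedDomainsCheckACL, conn);` line in bhyveConnectNumOfDefinedDomains in the next hunk does the same. Break after the comma so the filter callback sits on its own continuation line: `maxnames,` followed by `virConnectListDefinedDomainsCheckACL, conn);`. This keeps the ACL filter argument easy to spot when auditing which list calls are filtered.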
> @@ -334,8 +368,11 @@ bhyveConnectNumOfDefinedDomains(virConnectPtr conn)
>      bhyveConnPtr privconn = conn->privateData;
>      int count;
>  
> +    if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
> +        return -1;
> +
>      count = virDomainObjListNumOfDomains(privconn->domains, false,
> -                                         NULL, NULL);
> +                                         virConnectNumOfDefinedDomainsCheckACL, conn);
>  
>      return count;
>  }
> @@ -350,8 +387,11 @@ bhyveConnectListAllDomains(virConnectPtr conn,
>  
>      virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
>  
> +    if (virConnectListAllDomainsEnsureACL(conn) < 0)
> +        return -1;
> +
>      ret = virDomainObjListExport(privconn->domains, conn, domains,
> -                                 NULL, flags);
> +                                 virConnectListAllDomainsCheckACL, flags);
>  
>      return ret;
>  }
> @@ -374,6 +414,9 @@ bhyveDomainLookupByUUID(virConnectPtr conn,
>          goto cleanup;
>      }
>  
> +    if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
> +        goto cleanup;
> +
>      dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
>      if (dom)
>          dom->id = vm->def->id;
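Review bot: The added `virDomainLookupByUUIDEnsureACL` check runs only after the not-found branch above it has already gone to `cleanup`, so a caller who is denied access would presumably see a different failure from one who asks for a UUID that does not exist. bhyveDomainLookupByName in the next hunk has the same ordering, with the `no domain with matching name` error reported before its check. The check needs `vm->def`, so the order is hard to avoid, but it means the lookup calls reveal whether a given UUID or name is defined even to callers the policy refuses. A comment above the check would record that this is intended, e.g. `/* existence is disclosed before the ACL check; only the domain's details are protected */`. Both functions start and end outside their hunks.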
> @@ -398,6 +441,10 @@ static virDomainPtr bhyveDomainLookupByName(virConnectPtr conn,
>                         _("no domain with matching name '%s'"), name);
>          goto cleanup;
>      }
> +
> +    if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
> +        goto cleanup;
> +
>      dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
>      if (dom)
>          dom->id = vm->def->id;
> @@ -418,6 +465,9 @@ bhyveDomainCreate(virDomainPtr dom)
>      if (!(vm = bhyveDomObjFromDomain(dom)))
>          goto cleanup;
>  
> +    if (virDomainCreateEnsureACL(dom->conn, vm->def) < 0)
> +        goto cleanup;
> +
>      if (virDomainObjIsActive(vm)) {
>          virReportError(VIR_ERR_OPERATION_INVALID,
>                         "%s", _("Domain is already running"));
> @@ -443,6 +493,9 @@ bhyveDomainDestroy(virDomainPtr dom)
>      if (!(vm = bhyveDomObjFromDomain(dom)))
>          goto cleanup;
>  
> +    if (virDomainDestroyEnsureACL(dom->conn, vm->def) < 0)
> +        goto cleanup;
> +
>      ret = virBhyveProcessStop(privconn, vm, VIR_DOMAIN_SHUTOFF_DESTROYED);
>  
>  cleanup:

ACK, but this should be just merged with the previous patch, since we
want to make sure 'make check' passes for each individual patch.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



