[libvirt] [PATCH v7 2/2] bhyve: add ACL support
Daniel P. Berrange
berrange at redhat.com
Tue Feb 11 11:21:47 UTC 2014
On Sun, Feb 09, 2014 at 06:46:13PM +0400, Roman Bogorodskiy wrote:
> ---
> src/Makefile.am | 5 ++--
> src/bhyve/bhyve_driver.c | 63 ++++++++++++++++++++++++++++++++++++++++++++----
> 2 files changed, 61 insertions(+), 7 deletions(-)
>
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 3567d13..d0aa18d 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -1330,8 +1330,9 @@ noinst_LTLIBRARIES += libvirt_driver_bhyve.la
> endif ! WITH_DRIVER_MODULES
>
> libvirt_driver_bhyve_impl_la_CFLAGS = \
> - -I$(top_srcdir)/src/conf \
> - $(AM_CFLAGS)
> + -I$(top_srcdir)/src/access \
> + -I$(top_srcdir)/src/conf \
> + $(AM_CFLAGS)
> libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS)
> libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES)
> endif WITH_BHYVE
> diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
> index e8e082b..2d2e54e 100644
> --- a/src/bhyve/bhyve_driver.c
> +++ b/src/bhyve/bhyve_driver.c
> @@ -47,6 +47,7 @@
> #include "virrandom.h"
> #include "virstring.h"
> #include "cpu/cpu.h"
> +#include "viraccessapicheck.h"
>
> #include "bhyve_driver.h"
> #include "bhyve_process.h"
> @@ -101,6 +102,9 @@ bhyveConnectGetCapabilities(virConnectPtr conn)
> bhyveConnPtr privconn = conn->privateData;
> char *xml;
>
> + if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
> + return NULL;
> +
> bhyveDriverLock(privconn);
> if ((xml = virCapabilitiesFormatXML(privconn->caps)) == NULL)
> virReportOOMError();
> @@ -157,6 +161,9 @@ bhyveConnectOpen(virConnectPtr conn,
> return VIR_DRV_OPEN_ERROR;
> }
>
> + if (virConnectOpenEnsureACL(conn) < 0)
> + return VIR_DRV_OPEN_ERROR;
> +
> conn->privateData = bhyve_driver;
>
> return VIR_DRV_OPEN_SUCCESS;
> @@ -173,6 +180,9 @@ bhyveConnectClose(virConnectPtr conn)
> static char *
> bhyveConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
> {
> + if (virConnectGetHostnameEnsureACL(conn) < 0)
> + return NULL;
> +
> return virGetHostname();
> }
>
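Review bot: `conn` is still marked `ATTRIBUTE_UNUSED` in the bhyveConnectGetHostname signature, although the added `virConnectGetHostnameEnsureACL(conn)` call now reads it. The same applies to bhyveConnectGetVersion in the next hunk. The stale annotation could lead a later reader to assume the connection plays no part in the access decision. Suggest dropping it in both signatures, e.g. `bhyveConnectGetHostname(virConnectPtr conn)`.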
> @@ -181,6 +191,9 @@ bhyveConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long *versi
> {
> struct utsname ver;
>
> + if (virConnectGetVersionEnsureACL(conn) < 0)
> + return -1;
> +
> uname(&ver);
>
> if (virParseVersionString(ver.release, version, true) < 0) {
> @@ -201,6 +214,9 @@ bhyveDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info)
> if (!(vm = bhyveDomObjFromDomain(domain)))
> goto cleanup;
>
> + if (virDomainGetInfoEnsureACL(domain->conn, vm->def) < 0)
> + goto cleanup;
> +
> info->state = virDomainObjGetState(vm, NULL);
> info->maxMem = vm->def->mem.max_balloon;
> info->nrVirtCpu = vm->def->vcpus;
> @@ -226,6 +242,9 @@ bhyveDomainGetState(virDomainPtr domain,
> if (!(vm = bhyveDomObjFromDomain(domain)))
> goto cleanup;
>
> + if (virDomainGetStateEnsureACL(domain->conn, vm->def) < 0)
> + goto cleanup;
> +
> *state = virDomainObjGetState(vm, reason);
> ret = 0;
>
> @@ -244,6 +263,9 @@ bhyveDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
> if (!(vm = bhyveDomObjFromDomain(domain)))
> goto cleanup;
>
> + if (virDomainGetXMLDescEnsureACL(domain->conn, vm->def, flags) < 0)
> + goto cleanup;
> +
> ret = virDomainDefFormat(vm->def, flags);
>
> cleanup:
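Review bot: The added call passes `flags` into `virDomainGetXMLDescEnsureACL`, so the permission required depends on whether the caller asked for security-sensitive XML, but nothing at the call site says so. A short comment above the check would help, e.g. `/* flags feed the ACL decision: VIR_DOMAIN_XML_SECURE needs the stronger read-secure permission */`. The function starts outside the hunk, so it is not visible whether `flags` is validated before this point; that is worth confirming.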
> @@ -269,6 +291,9 @@ bhyveDomainDefineXML(virConnectPtr conn, const char *xml)
> goto cleanup;
> }
>
> + if (virDomainDefineXMLEnsureACL(conn, def) < 0)
> + goto cleanup;
> +
> if (!(vm = virDomainObjListAdd(privconn->domains, def,
> privconn->xmlopt,
> 0, &oldDef)))
> @@ -296,8 +321,11 @@ bhyveConnectListDomains(virConnectPtr conn, int *ids, int maxids)
> bhyveConnPtr privconn = conn->privateData;
> int n;
>
> + if (virConnectListDomainsEnsureACL(conn) < 0)
> + return -1;
> +
> n = virDomainObjListGetActiveIDs(privconn->domains, ids, maxids,
> - NULL, NULL);
> + virConnectListDomainsCheckACL, conn);
>
> return n;
> }
> @@ -308,8 +336,11 @@ bhyveConnectNumOfDomains(virConnectPtr conn)
> bhyveConnPtr privconn = conn->privateData;
> int count;
>
> + if (virConnectNumOfDomainsEnsureACL(conn) < 0)
> + return -1;
> +
> count = virDomainObjListNumOfDomains(privconn->domains, true,
> - NULL, NULL);
> + virConnectNumOfDomainsCheckACL, conn);
>
> return count;
> }
> @@ -321,9 +352,12 @@ bhyveConnectListDefinedDomains(virConnectPtr conn, char **const names,
> bhyveConnPtr privconn = conn->privateData;
> int n;
>
> + if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
> + return -1;
> +
> memset(names, 0, sizeof(*names) * maxnames);
> n = virDomainObjListGetInactiveNames(privconn->domains, names,
> - maxnames, NULL, NULL);
> + maxnames, virConnectListDefinedDomainsCheckACL, conn);
>
> return n;
> }
> @@ -334,8 +368,11 @@ bhyveConnectNumOfDefinedDomains(virConnectPtr conn)
> bhyveConnPtr privconn = conn->privateData;
> int count;
>
> + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
> + return -1;
> +
> count = virDomainObjListNumOfDomains(privconn->domains, false,
> - NULL, NULL);
> + virConnectNumOfDefinedDomainsCheckACL, conn);
>
> return count;
> }
> @@ -350,8 +387,11 @@ bhyveConnectListAllDomains(virConnectPtr conn,
>
> virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
>
> + if (virConnectListAllDomainsEnsureACL(conn) < 0)
> + return -1;
> +
> ret = virDomainObjListExport(privconn->domains, conn, domains,
> - NULL, flags);
> + virConnectListAllDomainsCheckACL, flags);
>
> return ret;
> }
> @@ -374,6 +414,9 @@ bhyveDomainLookupByUUID(virConnectPtr conn,
> goto cleanup;
> }
>
> + if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
> + goto cleanup;
> +
> dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
> if (dom)
> dom->id = vm->def->id;
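Review bot: The ACL check in bhyveDomainLookupByUUID runs only after the not-found branch, so a caller who would be denied still gets a different error for a UUID that exists than for one that does not. The bhyveDomainLookupByName hunk that follows has the same ordering. This looks inherent in checking against `vm->def`, but it should be stated at the call site, e.g. `/* ACL is evaluated on the resolved definition; a missing domain is reported before any access check */`. Both function bodies start and end outside their hunks.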
> @@ -398,6 +441,10 @@ static virDomainPtr bhyveDomainLookupByName(virConnectPtr conn,
> _("no domain with matching name '%s'"), name);
> goto cleanup;
> }
> +
> + if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
> + goto cleanup;
> +
> dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
> if (dom)
> dom->id = vm->def->id;
> @@ -418,6 +465,9 @@ bhyveDomainCreate(virDomainPtr dom)
> if (!(vm = bhyveDomObjFromDomain(dom)))
> goto cleanup;
>
> + if (virDomainCreateEnsureACL(dom->conn, vm->def) < 0)
> + goto cleanup;
> +
> if (virDomainObjIsActive(vm)) {
> virReportError(VIR_ERR_OPERATION_INVALID,
> "%s", _("Domain is already running"));
> @@ -443,6 +493,9 @@ bhyveDomainDestroy(virDomainPtr dom)
> if (!(vm = bhyveDomObjFromDomain(dom)))
> goto cleanup;
>
> + if (virDomainDestroyEnsureACL(dom->conn, vm->def) < 0)
> + goto cleanup;
> +
> ret = virBhyveProcessStop(privconn, vm, VIR_DOMAIN_SHUTOFF_DESTROYED);
>
> cleanup:
ACK, but this should be just merged with the previous patch, since we
want to make sure 'make check' passes for each individual patch.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|