[libvirt] [PATCH v1 04/10] locking: Add virLockSeclabelProtocol

Michal Privoznik mprivozn at redhat.com
Wed Sep 10 13:26:10 UTC 2014


So far no ConnectOpen() is introduced, as it's not needed for a use
case as simple as this one. It's crucial to keep this separate from
the virLockSpace program that already exists. Not only does that
program require a virDomainObjPtr for its ConnectOpen() (so all
security drivers would subsequently need rework, as they use
virDomainDefPtr), but by its nature labeling doesn't belong there
either. virLockSpace handles disk locking, not labeling, and it's not
clean to pollute its namespace anyway.

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 .gitignore                           |  2 ++
 src/Makefile.am                      | 27 ++++++++++++++----
 src/lock_seclabel_protocol-structs   | 21 ++++++++++++++
 src/locking/lock_seclabel_protocol.x | 53 ++++++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 5 deletions(-)
 create mode 100644 src/lock_seclabel_protocol-structs
 create mode 100644 src/locking/lock_seclabel_protocol.x

diff --git a/.gitignore b/.gitignore
index 9776ea1..f75ec19 100644
--- a/.gitignore
+++ b/.gitignore
@@ -123,7 +123,9 @@
 /src/libvirt_*probes.h
 /src/libvirt_lxc
 /src/locking/lock_daemon_dispatch_stubs.h
+/src/locking/lock_daemon_seclabel_dispatch_stubs.h
 /src/locking/lock_protocol.[ch]
+/src/locking/lock_seclabel_protocol.[ch]
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
diff --git a/src/Makefile.am b/src/Makefile.am
index fa741a8..7302abb 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -202,16 +202,21 @@ LOCK_DRIVER_SANLOCK_HELPER_SOURCES = \
 LOCK_PROTOCOL_GENERATED = \
 		locking/lock_protocol.h \
 		locking/lock_protocol.c \
+		locking/lock_seclabel_protocol.h \
+		locking/lock_seclabel_protocol.c \
 		$(NULL)
 
 LOCK_PROTOCOL = $(srcdir)/locking/lock_protocol.x
+LOCK_SECLABEL_PROTOCOL = $(srcdir)/locking/lock_seclabel_protocol.x
 EXTRA_DIST += $(LOCK_PROTOCOL) \
-	$(LOCK_PROTOCOL_GENERATED)
+			  $(LOCK_SECLABEL_PROTOCOL) \
+			  $(LOCK_PROTOCOL_GENERATED)
 BUILT_SOURCES += $(LOCK_PROTOCOL_GENERATED)
 MAINTAINERCLEANFILES += $(LOCK_PROTOCOL_GENERATED)
 
 LOCK_DAEMON_GENERATED = \
-		locking/lock_daemon_dispatch_stubs.h
+		locking/lock_daemon_dispatch_stubs.h \
+		locking/lock_daemon_seclabel_dispatch_stubs.h
 		$(NULL)
 
 BUILT_SOURCES += $(LOCK_DAEMON_GENERATED)
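Review bot: The new `locking/lock_daemon_seclabel_dispatch_stubs.h` entry in `LOCK_DAEMON_GENERATED` ends without a continuation backslash, so the `$(NULL)` line after it is not part of the assignment. The removed line had the same slip, so this is a good place to fix it: `locking/lock_daemon_seclabel_dispatch_stubs.h \`. The `EXTRA_DIST` continuation lines in the same hunk also change from a single tab to tabs plus spaces, unlike the neighbouring assignments.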
@@ -237,6 +242,11 @@ locking/lock_daemon_dispatch_stubs.h: $(LOCK_PROTOCOL) \
 	    virLockSpaceProtocol VIR_LOCK_SPACE_PROTOCOL \
 	    $(LOCK_PROTOCOL) > $(srcdir)/locking/lock_daemon_dispatch_stubs.h
 
+locking/lock_daemon_seclabel_dispatch_stubs.h: $(LOCK_SECLABEL_PROTOCOL) \
+		$(srcdir)/rpc/gendispatch.pl Makefile.am
+	$(AM_V_GEN)perl -w $(srcdir)/rpc/gendispatch.pl --mode=server \
+		virLockSeclabelProtocol VIR_LOCK_SECLABEL_PROTOCOL \
+		$(LOCK_SECLABEL_PROTOCOL) > $(srcdir)/$@
 
 NETDEV_CONF_SOURCES =						\
 		conf/netdev_bandwidth_conf.h conf/netdev_bandwidth_conf.c \
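Review bot: The new recipe runs a bare `perl` resolved through PATH, while the other generator invocations visible in this patch (`PDWTAGS` and `libvirt_functions.stp`) use the configured `$(PERL)`. The first recipe line should read `$(AM_V_GEN)$(PERL) -w $(srcdir)/rpc/gendispatch.pl --mode=server \`. The output is also redirected straight into `$(srcdir)/$@`, so a failed gendispatch.pl run leaves a truncated server dispatch header with a fresh timestamp that a later build may pick up. Writing to a temporary name and renaming it on success would avoid that. The preceding rule is only partly visible here but redirects the same way, so it would need the same treatment.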
@@ -387,7 +397,8 @@ EXTRA_DIST +=  $(REMOTE_DRIVER_PROTOCOL) \
 # The alternation of the following regexps matches both cases.
 r1 = /\* \d+ \*/
 r2 = /\* <[[:xdigit:]]+> \S+:\d+ \*/
-struct_prefix = (remote_|qemu_|lxc_|keepalive|vir(Net|LockSpace|LXCMonitor))
+struct_prefix1 = (remote_|qemu_|lxc_|keepalive)
+struct_prefix2 = vir(Net|LockSpace|LockSeclabel|LXCMonitor)
 
 # Depending on configure options, libtool creates one or both of
 # remote/{,.libs/}libvirt_driver_remote_la-remote_protocol.o.  We want
@@ -406,7 +417,8 @@ PDWTAGS = \
 	  else								\
 	    $(PERL) -0777 -n						\
 		-e 'foreach my $$p (split m!\n*(?:$(r1)|$(r2))\n!) {'	\
-		-e '  if ($$p =~ /^(struct|enum) $(struct_prefix)/ ||'	\
+		-e '  if ($$p =~ /^(struct|enum) $(struct_prefix1)/ ||'	\
+		-e '      $$P =~ /^(struct|enum) $(struct_prefix2)/ ||' \
 		-e '      $$p =~ /^enum {/) {'				\
 		-e '    $$p =~ s!\t*/\*.*?\*/!!sg;'			\
 		-e '    $$p =~ s!\s+\n!\n!sg;'				\
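Review bot: The added condition tests `$$P` (capital P), a Perl variable that is never assigned, instead of the loop variable `$$p`, so the `struct_prefix2` alternative can never match. As written, every struct or enum with a `vir(Net|LockSpace|LockSeclabel|LXCMonitor)` prefix is skipped by this filter, and because the one-liner runs without `-w` nothing is reported, which weakens the wire-layout check these `-structs` files exist for. The line should be `-e '      $$p =~ /^(struct|enum) $(struct_prefix2)/ ||' \`, with the trailing backslash aligned by tabs like its neighbours. The `PDWTAGS` recipe begins and ends outside this hunk.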
@@ -459,6 +471,7 @@ PROTOCOL_STRUCTS = \
 	$(srcdir)/virkeepaliveprotocol-structs \
 	$(srcdir)/lxc_monitor_protocol-structs \
 	$(srcdir)/lock_protocol-structs \
+	$(srcdir)/lock_seclabel_protocol-structs \
 	$(NULL)
 
 if WITH_REMOTE
@@ -480,6 +493,9 @@ $(srcdir)/lxc_monitor_protocol-struct: \
 $(srcdir)/lock_protocol-struct: \
 		$(srcdir)/%-struct: locking/lockd_la-%.lo
 	$(PDWTAGS)
+$(srcdir)/lock_seclabel_protocol-struct: \
+		$(srcdir)/%-struct: locking/lockd_la-%.lo
+	$(PDWTAGS)
 
 else !WITH_REMOTE
 # The $(PROTOCOL_STRUCTS) files must live in git, because they cannot be
@@ -2073,7 +2089,8 @@ RPC_PROBE_FILES = $(srcdir)/rpc/virnetprotocol.x \
 		  $(srcdir)/remote/lxc_protocol.x \
 		  $(srcdir)/remote/qemu_protocol.x \
 		  $(srcdir)/lxc/lxc_monitor_protocol.x \
-		  $(srcdir)/locking/lock_protocol.x
+		  $(srcdir)/locking/lock_protocol.x \
+		  $(srcdir)/locking/lock_seclabel_protocol.x
 
 libvirt_functions.stp: $(RPC_PROBE_FILES) $(srcdir)/rpc/gensystemtap.pl
 	$(AM_V_GEN)$(PERL) -w $(srcdir)/rpc/gensystemtap.pl $(RPC_PROBE_FILES) > $@
diff --git a/src/lock_seclabel_protocol-structs b/src/lock_seclabel_protocol-structs
new file mode 100644
index 0000000..46f1eae
--- /dev/null
+++ b/src/lock_seclabel_protocol-structs
@@ -0,0 +1,21 @@
+/* -*- c -*- */
+struct virLockSeclabelProtocolRememberSeclabelArgs {
+        virLockSeclabelProtocolNonNullString path;
+        virLockSeclabelProtocolNonNullString model;
+        virLockSeclabelProtocolNonNullString seclabel;
+};
+struct virLockSeclabelProtocolRememberSeclabelRet {
+        int                        ret;
+};
+struct virLockSeclabelProtocolRecallSeclabelArgs {
+        virLockSeclabelProtocolNonNullString path;
+        virLockSeclabelProtocolNonNullString model;
+};
+struct virLockSeclabelProtocolRecallSeclabelRet {
+        virLockSeclabelProtocolNonNullString seclabel;
+        int                        ret;
+};
+enum virLockSeclabelProtocolProcedure {
+        VIR_LOCK_SECLABEL_PROTOCOL_PROC_REMEMBER_SECLABEL = 1,
+        VIR_LOCK_SECLABEL_PROTOCOL_PROC_RECALL_SECLABEL = 2,
+};
diff --git a/src/locking/lock_seclabel_protocol.x b/src/locking/lock_seclabel_protocol.x
new file mode 100644
index 0000000..e769ebf
--- /dev/null
+++ b/src/locking/lock_seclabel_protocol.x
@@ -0,0 +1,53 @@
+/* -*- c -*-
+ */
+
+%#include "internal.h"
+
+/* Length of long, but not unbounded, strings.
+ * This is an arbitrary limit designed to stop the decoder from trying
+ * to allocate unbounded amounts of memory when fed with a bad message.
+ */
+const VIR_LOCK_SECLABEL_PROTOCOL_STRING_MAX = 65536;
+
+/* A long string, which may NOT be NULL. */
+typedef string virLockSeclabelProtocolNonNullString<VIR_LOCK_SECLABEL_PROTOCOL_STRING_MAX>;
+
+/* A long string, which may be NULL. */
+typedef virLockSeclabelProtocolNonNullString *virLockSeclabelProtocolString;
+
+struct virLockSeclabelProtocolRememberSeclabelArgs {
+    virLockSeclabelProtocolNonNullString path;
+    virLockSeclabelProtocolNonNullString model;
+    virLockSeclabelProtocolNonNullString seclabel;
+};
+
+struct virLockSeclabelProtocolRememberSeclabelRet {
+    int ret;
+};
+
+struct virLockSeclabelProtocolRecallSeclabelArgs {
+    virLockSeclabelProtocolNonNullString path;
+    virLockSeclabelProtocolNonNullString model;
+};
+
+struct virLockSeclabelProtocolRecallSeclabelRet {
+    virLockSeclabelProtocolNonNullString seclabel;
+    int ret;
+};
+
+const VIR_LOCK_SECLABEL_PROTOCOL_PROGRAM = 0x5EC1ABE1;
+const VIR_LOCK_SECLABEL_PROTOCOL_PROGRAM_VERSION = 1;
+
+enum virLockSeclabelProtocolProcedure {
+    /**
+     * @generate: none
+     * @acl: none
+     */
+    VIR_LOCK_SECLABEL_PROTOCOL_PROC_REMEMBER_SECLABEL = 1,
+
+    /**
+     * @generate: none
+     * @acl: none
+     */
+    VIR_LOCK_SECLABEL_PROTOCOL_PROC_RECALL_SECLABEL = 2
+};
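Review bot: Both procedures are marked `@acl: none` and nothing in the file says who may call them, so whether any client that reaches the socket can overwrite or read the remembered label for an arbitrary `path` depends entirely on dispatcher and socket permissions that are not part of this patch. A recalled label is presumably what a security driver later applies to the file, so a comment above `virLockSeclabelProtocolProcedure` should state the expected caller and the trust boundary. `virLockSeclabelProtocolRecallSeclabelRet.seclabel` is non-nullable, so "no label remembered" can only be signalled through the undocumented `ret`, while the nullable `virLockSeclabelProtocolString` typedef is declared and never used. Either declare the field as `virLockSeclabelProtocolString seclabel;` or document the meaning of `ret` in both `*Ret` structs.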
-- 
1.8.5.5



