[libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
lhuang
lhuang at redhat.com
Fri Jul 31 02:39:20 UTC 2015
Hi Marc-André
On 07/27/2015 11:42 PM, Marc-André Lureau wrote:
> Hi
>
> On Thu, Jul 23, 2015 at 12:13 PM, Luyao Huang <lhuang at redhat.com> wrote:
>> Introduce a new element in shmem device element, this
>> could help users to change the shm label to a specified
>> label.
>>
>> Signed-off-by: Luyao Huang <lhuang at redhat.com>
>> ---
>> docs/formatdomain.html.in | 7 ++++++
>> docs/schemas/domaincommon.rng | 3 +++
>> src/conf/domain_conf.c | 55 ++++++++++++++++++++++++++++++++++---------
>> src/conf/domain_conf.h | 5 ++++
>> 4 files changed, 59 insertions(+), 11 deletions(-)
>>
> It would be better with a small test, checking parsing and format.
Oh, right, I forgot that; thanks for pointing it out. I will add them
in the next version.
>> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>> index d0c1741..e02c67c 100644
>> --- a/docs/formatdomain.html.in
>> +++ b/docs/formatdomain.html.in
>> @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null
>> vectors. The <code>ioeventd</code> attribute enables/disables (values
>> "on"/"off", respectively) ioeventfd.
>> </dd>
>> + <dt><code>seclabel</code></dt>
>> + <dd>
>> + The optional <code>seclabel</code> to override the way that labelling
> The "element may contain an" optional <code>...
Okay
>> + is done on the shm object path or shm server path. If this
>> + element is not present, the <a href="#seclabel">security label is inherited
>> + from the per-domain setting</a>.
>> + </dd>
>> </dl>
>>
>> <h4><a name="elementsMemory">Memory devices</a></h4>
>> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>> index 1120003..f58e8de 100644
>> --- a/docs/schemas/domaincommon.rng
>> +++ b/docs/schemas/domaincommon.rng
>> @@ -3323,6 +3323,9 @@
>> </optional>
>> </element>
>> </optional>
>> + <zeroOrMore>
>> + <ref name='devSeclabel'/>
>> + </zeroOrMore>
>> <optional>
>> <ref name="address"/>
>> </optional>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index 73ac537..cb3d72a 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -11261,6 +11261,8 @@ virDomainNVRAMDefParseXML(xmlNodePtr node,
>> static virDomainShmemDefPtr
>> virDomainShmemDefParseXML(xmlNodePtr node,
>> xmlXPathContextPtr ctxt,
>> + virSecurityLabelDefPtr* vmSeclabels,
>> + int nvmSeclabels,
>> unsigned int flags)
>> {
>> char *tmp = NULL;
>> @@ -11332,6 +11334,10 @@ virDomainShmemDefParseXML(xmlNodePtr node,
>> if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0)
>> goto cleanup;
>>
>> + if (virSecurityDeviceLabelDefParseXML(&def->seclabels, &def->nseclabels,
>> + vmSeclabels, nvmSeclabels,
>> + ctxt, flags) < 0)
>> + goto cleanup;
>>
>> ret = def;
>> def = NULL;
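Review bot: The labels the added virSecurityDeviceLabelDefParseXML call stores in def->seclabels are never released in this patch: the diffstat lists only the four files above and no hunk touches virDomainShmemDefFree, so unless that is handled elsewhere the array and its entries leak each time a shmem def is freed, on the error path of this parser included. The teardown the chr device uses fits here, `for (i = 0; i < def->nseclabels; i++) virSecurityDeviceLabelDefFree(def->seclabels[i]);` followed by `VIR_FREE(def->seclabels);`. This function starts and ends outside the hunk.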
>> @@ -12457,7 +12463,11 @@ virDomainDeviceDefParse(const char *xmlStr,
>> goto error;
>> break;
>> case VIR_DOMAIN_DEVICE_SHMEM:
>> - if (!(dev->data.shmem = virDomainShmemDefParseXML(node, ctxt, flags)))
>> + if (!(dev->data.shmem = virDomainShmemDefParseXML(node,
>> + ctxt,
>> + def->seclabels,
>> + def->nseclabels,
>> + flags)))
>> goto error;
>> break;
>> case VIR_DOMAIN_DEVICE_TPM:
>> @@ -16136,7 +16146,8 @@ virDomainDefParseXML(xmlDocPtr xml,
>> for (i = 0; i < n; i++) {
>> virDomainShmemDefPtr shmem;
>> ctxt->node = nodes[i];
>> - shmem = virDomainShmemDefParseXML(nodes[i], ctxt, flags);
>> + shmem = virDomainShmemDefParseXML(nodes[i], ctxt, def->seclabels,
>> + def->nseclabels, flags);
>> if (!shmem)
>> goto error;
>>
>> @@ -20308,6 +20319,8 @@ virDomainShmemDefFormat(virBufferPtr buf,
>> virDomainShmemDefPtr def,
>> unsigned int flags)
>> {
>> + size_t n;
>> +
>> virBufferEscapeString(buf, "<shmem name='%s'", def->name);
>>
>> if (!def->size &&
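Review bot: The condition starting on the last line of this hunk continues outside it; if, as the `!def->size &&` opening suggests, it chooses between an empty `<shmem .../>` and an open `<shmem>` based only on size, server, msi and device info, then a shmem whose only child elements are seclabels is written as the empty form and the labels added by the loop in the next hunk are dropped, so the XML does not round-trip. Adding `!def->nseclabels &&` to that condition keeps the short form for label-less devices and opens the element whenever there is something to emit. The new `size_t n;` counter also departs from the `size_t i;` used by the other loops in this patch, which is a minor consistency point.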
>> @@ -20341,6 +20354,9 @@ virDomainShmemDefFormat(virBufferPtr buf,
>> virBufferAddLit(buf, "/>\n");
>> }
>>
>> + for (n = 0; n < def->nseclabels; n++)
>> + virSecurityDeviceLabelDefFormat(buf, def->seclabels[n], flags);
>> +
>> if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0)
>> return -1;
>>
>> @@ -23851,11 +23867,25 @@ virDomainObjListExport(virDomainObjListPtr domlist,
>> }
>>
>>
>> +static virSecurityDeviceLabelDefPtr
>> +virDomainGetDeviceSecurityLabelDef(virSecurityDeviceLabelDefPtr *seclabels,
>> + size_t nseclabels,
>> + const char *model)
>> +{
>> + size_t i;
>> +
>> + for (i = 0; i < nseclabels; i++) {
>> + if (STREQ_NULLABLE(seclabels[i]->model, model))
>> + return seclabels[i];
>> + }
>> + return NULL;
>> +}
>> +
>> +
>> virSecurityLabelDefPtr
>> virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>> {
>> size_t i;
>> - virSecurityLabelDefPtr seclabel = NULL;
>>
>> if (def == NULL || model == NULL)
>> return NULL;
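Review bot: The new static helper virDomainGetDeviceSecurityLabelDef has no comment, and its contract differs from virDomainDefGetSecurityLabelDef directly below it: because it compares with STREQ_NULLABLE, a NULL `model` is not rejected but matches the first label whose model is also NULL, whereas the domain-level lookup returns NULL for a NULL model. A short header comment would stop a reader from assuming the two behave alike, e.g. `/* Return the first device seclabel whose model equals @model (a NULL @model matches a NULL model), or NULL if none. */`. The hunk ends inside virDomainDefGetSecurityLabelDef, whose body continues in the next hunk.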
>> @@ -23866,24 +23896,27 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>> if (STREQ(def->seclabels[i]->model, model))
>> return def->seclabels[i];
>> }
>> -
>> - return seclabel;
>> + return NULL;
> This looks like a seperate cleanup.
Yes, I will split this into another patch.
Thanks a lot for your review.
Luyao
>> }
>>
>>
>> virSecurityDeviceLabelDefPtr
>> virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model)
>> {
>> - size_t i;
>> + if (def == NULL)
>> + return NULL;
>> +
>> + return virDomainGetDeviceSecurityLabelDef(def->seclabels, def->nseclabels, model);
>> +}
>>
>> +
>> +virSecurityDeviceLabelDefPtr
>> +virDomainShmemDefGetSecurityLabelDef(virDomainShmemDefPtr def, const char *model)
>> +{
>> if (def == NULL)
>> return NULL;
>>
>> - for (i = 0; i < def->nseclabels; i++) {
>> - if (STREQ_NULLABLE(def->seclabels[i]->model, model))
>> - return def->seclabels[i];
>> - }
>> - return NULL;
>> + return virDomainGetDeviceSecurityLabelDef(def->seclabels, def->nseclabels, model);
>> }
>>
>>
>> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>> index 0fe6b1a..1a0475e 100644
>> --- a/src/conf/domain_conf.h
>> +++ b/src/conf/domain_conf.h
>> @@ -1608,6 +1608,8 @@ struct _virDomainShmemDef {
>> unsigned vectors;
>> virTristateSwitch ioeventfd;
>> } msi;
>> + size_t nseclabels;
>> + virSecurityDeviceLabelDefPtr *seclabels;
>> virDomainDeviceInfo info;
>> };
>>
>> @@ -2943,6 +2945,9 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model);
>> virSecurityDeviceLabelDefPtr
>> virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
>>
>> +virSecurityDeviceLabelDefPtr
>> +virDomainShmemDefGetSecurityLabelDef(virDomainShmemDefPtr def, const char *model);
>> +
>> typedef const char* (*virEventActionToStringFunc)(int type);
>> typedef int (*virEventActionFromStringFunc)(const char *type);
>>
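Review bot: virDomainShmemDefGetSecurityLabelDef is declared in the public header here, but none of the four files in the diffstat is src/libvirt_private.syms, so the symbol is not exported from the conf library. If a later patch in this series calls it from the security drivers, as the virDomainChrDefGetSecurityLabelDef counterpart is, linking will fail until it is listed there next to the chr variant; since nothing in this patch needs the export yet, it could equally be added in the patch that first uses it.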
>> --
>> 1.8.3.1
>>
>
>