[libvirt] [PATCH v5 09/10] virsh: implement new command for launch security
Brijesh Singh
brijesh.singh at amd.com
Wed Apr 4 12:28:05 UTC 2018
On 4/2/18 6:31 PM, John Ferlan wrote:
>
> On 04/02/2018 10:18 AM, Brijesh Singh wrote:
>> Add new 'launch-security' command, the command can be used to get or set
>> the launch security information when booting encrypted VMs.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
>> ---
>> tools/virsh-domain.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 84 insertions(+)
>>
> Need to modify tools/virsh.pod too in order to supply the man page
> information.
Ah, I missed that. Will add help in next rev.
>
>> diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
>> index 2b775fc..4dca191 100644
>> --- a/tools/virsh-domain.c
>> +++ b/tools/virsh-domain.c
>> @@ -13877,6 +13877,84 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
>> return ret >= 0;
>> }
>>
>> +/*
>> + * "launch-security" command
>> + */
>> +static const vshCmdInfo info_launch_security[] = {
>> + {.name = "help",
>> + .data = N_("Get or set launch-security information")
>> + },
>> + {.name = "desc",
>> + .data = N_("Get or set the current launch-security information for a guest"
>> + " domain.\n"
>> + " To get the launch-security information use following command: \n\n"
>> + " virsh # launch-security <domain>")
>> + },
> Rather lengthy... don't think the last 2 lines are necessary. Is there
> another command doing the same?
Yes, I tried to follow other commands.
> Probably should fill in the ".help" entry too like other commands.
OK.
>> + {.name = NULL}
>> +};
>> +
>> +static const vshCmdOptDef opts_launch_security[] = {
>> + VIRSH_COMMON_OPT_DOMAIN_FULL(0),
>> + {.name = "get",
>> + .type = VSH_OT_STRING,
>> + .help = N_("Show the launch-security info")
>> + },
>> + VIRSH_COMMON_OPT_DOMAIN_CONFIG,
>> + VIRSH_COMMON_OPT_DOMAIN_LIVE,
>> + VIRSH_COMMON_OPT_DOMAIN_CURRENT,
>> + {.name = NULL}
>> +};
>> +
> 2 lines...
>
>> +static void
>> +virshPrintLaunchSecurityInfo(vshControl *ctl, virTypedParameterPtr params,
>> + int nparams)
>> +{
>> + size_t i;
>> +
> Should there perhaps be a header here for the columns?
For now we have only one column and I am not too sure if we need to add
a header file for it, if it grows then we can revisit.
>
>> + for (i = 0; i < nparams; i++) {
>> + if (params[i].type == VIR_TYPED_PARAM_STRING)
>> + vshPrintExtra(ctl, "%-15s: %s\n", params[i].field, params[i].value.s);
>> + }
>> +}
>> +
> 2 lines...
>
> John
>
>> +static bool
>> +cmdLaunchSecurity(vshControl *ctl, const vshCmd *cmd)
>> +{
>> + virDomainPtr dom;
>> + int nparams = 0;
>> + virTypedParameterPtr params = NULL;
>> + bool ret = false;
>> + unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
>> + bool current = vshCommandOptBool(cmd, "current");
>> + bool config = vshCommandOptBool(cmd, "config");
>> + bool live = vshCommandOptBool(cmd, "live");
>> +
>> + VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
>> + VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
>> +
>> + if (config)
>> + flags |= VIR_DOMAIN_AFFECT_CONFIG;
>> + if (live)
>> + flags |= VIR_DOMAIN_AFFECT_LIVE;
>> +
>> + if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
>> + return false;
>> +
>> + if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, flags) != 0) {
>> + vshError(ctl, "%s", _("Unable to get launch security info"));
>> + goto cleanup;
>> + }
>> +
>> + virshPrintLaunchSecurityInfo(ctl, params, nparams);
>> +
>> + ret = true;
>> + cleanup:
>> + virTypedParamsFree(params, nparams);
>> + virshDomainFree(dom);
>> + return ret;
>> +}
>> +
>> +
>> const vshCmdDef domManagementCmds[] = {
>> {.name = "attach-device",
>> .handler = cmdAttachDevice,
>> @@ -14492,5 +14570,11 @@ const vshCmdDef domManagementCmds[] = {
>> .info = info_domblkthreshold,
>> .flags = 0
>> },
>> + {.name = "launch-security",
>> + .handler = cmdLaunchSecurity,
>> + .opts = opts_launch_security,
>> + .info = info_launch_security,
>> + .flags = 0
>> + },
>> {.name = NULL}
>> };
>>
More information about the libvir-list
mailing list