[libvirt] [PATCH v2 08/23] qemu-security: add qemuSecurityCommandRun()

Michal Privoznik mprivozn at redhat.com
Fri Sep 6 11:36:45 UTC 2019 

On 8/8/19 4:54 PM, marcandre.lureau at redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau at redhat.com>
> 
> Add a generic way to run a command through the security management.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
> ---
>   src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
>   src/qemu/qemu_security.h |  6 ++++++
>   2 files changed, 28 insertions(+)
> 
> diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
> index 3cd6d9bd3d..f8b53e06b3 100644
> --- a/src/qemu/qemu_security.c
> +++ b/src/qemu/qemu_security.c
> @@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
>       virSecurityManagerTransactionAbort(driver->securityManager);
>       return ret;
>   }
> +
> +
> +int
> +qemuSecurityCommandRun(virQEMUDriverPtr driver,
> +                       virDomainObjPtr vm,
> +                       virCommandPtr cmd,
> +                       int *exitstatus,
> +                       int *cmdret)
> +{
> +    if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
> +                                               vm->def, cmd) < 0)
> +        return -1;
> +
> +    if (virSecurityManagerPreFork(driver->securityManager) < 0)
> +        return -1;
> +
> +    *cmdret = virCommandRun(cmd, exitstatus);
> +
> +    virSecurityManagerPostFork(driver->securityManager);
> +
> +    return 0;
> +}
> diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
> index 68e377f418..8cf4ab0721 100644
> --- a/src/qemu/qemu_security.h
> +++ b/src/qemu/qemu_security.h
> @@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
>                                          virDomainObjPtr vm,
>                                          const char *savefile);
>   
> +int qemuSecurityCommandRun(virQEMUDriverPtr driver,
> +                           virDomainObjPtr vm,
> +                           virCommandPtr cmd,
> +                           int *exitstatus,
> +                           int *cmdret);
> +
>   /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
>    * new APIs here. If an API can touch a file add a proper wrapper instead.
>    */
> 

Since this is copied from qemuSecurityStartTPMEmulator() I'd expect some 
lines to be removed there. And also document what this function does and 
describe arguments.

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

Michal

More information about the libvir-list mailing list