[libvirt] [PATCH v2 08/23] qemu-security: add qemuSecurityCommandRun()
Michal Privoznik
mprivozn at redhat.com
Fri Sep 6 11:36:45 UTC 2019
On 8/8/19 4:54 PM, marcandre.lureau at redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau at redhat.com>
>
> Add a generic way to run a command through the security management.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
> ---
> src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
> src/qemu/qemu_security.h | 6 ++++++
> 2 files changed, 28 insertions(+)
>
> diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
> index 3cd6d9bd3d..f8b53e06b3 100644
> --- a/src/qemu/qemu_security.c
> +++ b/src/qemu/qemu_security.c
> @@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
> virSecurityManagerTransactionAbort(driver->securityManager);
> return ret;
> }
> +
> +
> +int
> +qemuSecurityCommandRun(virQEMUDriverPtr driver,
> + virDomainObjPtr vm,
> + virCommandPtr cmd,
> + int *exitstatus,
> + int *cmdret)
> +{
> + if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
> + vm->def, cmd) < 0)
> + return -1;
> +
> + if (virSecurityManagerPreFork(driver->securityManager) < 0)
> + return -1;
> +
> + *cmdret = virCommandRun(cmd, exitstatus);
> +
> + virSecurityManagerPostFork(driver->securityManager);
> +
> + return 0;
> +}
> diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
> index 68e377f418..8cf4ab0721 100644
> --- a/src/qemu/qemu_security.h
> +++ b/src/qemu/qemu_security.h
> @@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> const char *savefile);
>
> +int qemuSecurityCommandRun(virQEMUDriverPtr driver,
> + virDomainObjPtr vm,
> + virCommandPtr cmd,
> + int *exitstatus,
> + int *cmdret);
> +
> /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
> * new APIs here. If an API can touch a file add a proper wrapper instead.
> */
>
Since this is copied from qemuSecurityStartTPMEmulator() I'd expect some
lines to be removed there. And also document what this function does and
describe arguments.
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
More information about the libvir-list
mailing list