[PATCH 20/36] lib: Introduce virDomainFDAssociate API

Fri Jan 6 12:36:48 UTC 2023

On Thu, Jan 05, 2023 at 05:30:09PM +0100, Peter Krempa wrote:
> The API can be used to associate one or more (e.g. a RO and RW fd for a
> disk backend image) FDs to a VM. They can be then used per definition.
> 
> The primary use case for now is for complex deployment where
> libvirtd/virtqemud may be run inside a container and getting the image
> into the container is complicated.
> 
> In the future it will also allow passing e.g. vhost FDs and other
> resources to a VM without the need to have a filesystem representation
> for it.
> 
> Passing raw FDs has few intricacies and thus libvirt will by default not
> restore security labels.
> 
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
>  include/libvirt/libvirt-domain.h    | 22 ++++++++
>  src/driver-hypervisor.h             |  8 +++
>  src/libvirt-domain.c                | 82 +++++++++++++++++++++++++++++
>  src/libvirt_public.syms             |  5 ++
>  src/remote/remote_daemon_dispatch.c | 40 ++++++++++++++
>  src/remote/remote_driver.c          | 27 ++++++++++
>  src/remote/remote_protocol.x        | 14 ++++-
>  src/remote_protocol-structs         |  6 +++
>  8 files changed, 203 insertions(+), 1 deletion(-)
> 
> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
> index 295fd30c93..a1e39f2f70 100644
> --- a/include/libvirt/libvirt-domain.h
> +++ b/include/libvirt/libvirt-domain.h
> @@ -6457,4 +6457,26 @@ int virDomainStartDirtyRateCalc(virDomainPtr domain,
>                                  int seconds,
>                                  unsigned int flags);
> 
> +
> +/**
> + * virDomainFDAssociateFlags:
> + *
> + * Since: 9.0.0
> + */
> +typedef enum {
> +    /* Attempt a best-effort restore of security labels after use (Since: 9.0.0) */
> +    VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE = (1 << 0),
> +    /* Require mandatory restore of security labels after use (Since: 9.0.0) */
> +    VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE_REQUIRE = (1 << 1),
> +    /* Use a seclabel allowing writes for the FD even if usage implies read-only mode (Since: 9.0.0) */
> +    VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE = (1 << 2),
> +} virDomainFDAssociateFlags;
> +
> +
> +int virDomainFDAssociate(virDomainPtr domain,
> +                         const char *name,
> +                         unsigned int nfds,
> +                         int *fds,
> +                         unsigned int flags);
> +

This file uses only single line spacing.

I would probably go with virDomainAssociateFD() as it reads slightly
better and we have a lot of APIs with that order, one example dealing
with FDs is virDomainOpenGraphicsFD(). Since there is no rule for API
naming I'm OK with the one you used, just wanted to mention it in case
you will find the other name better.

Reviewed-by: Pavel Hrdina <phrdina at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20230106/34262001/attachment.sig>