[libvirt] [PATCH libvirt-glib] Add support for configuring serial, parallel & channel devices
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The basic config of serial, parallel & channel devices is just
the same as console devices. Add basic stubs for these new
devices
---
libvirt-gconfig/Makefile.am | 6 ++
libvirt-gconfig/libvirt-gconfig-domain-channel.c | 70 +++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig-domain-channel.h | 67 ++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig-domain-parallel.c | 70 +++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig-domain-parallel.h | 67 ++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig-domain-serial.c | 70 +++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig-domain-serial.h | 67 ++++++++++++++++++++
libvirt-gconfig/libvirt-gconfig.h | 3 +
libvirt-gconfig/libvirt-gconfig.sym | 12 ++++
9 files changed, 432 insertions(+), 0 deletions(-)
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-channel.c
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-channel.h
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-parallel.c
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-parallel.h
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-serial.c
create mode 100644 libvirt-gconfig/libvirt-gconfig-domain-serial.h
diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
index d542074..03a5507 100644
--- a/libvirt-gconfig/Makefile.am
+++ b/libvirt-gconfig/Makefile.am
@@ -13,6 +13,7 @@ GCONFIG_HEADER_FILES = \
libvirt-gconfig-object.h \
libvirt-gconfig-capabilities.h \
libvirt-gconfig-domain.h \
+ libvirt-gconfig-domain-channel.h \
libvirt-gconfig-domain-chardev.h \
libvirt-gconfig-domain-chardev-source.h \
libvirt-gconfig-domain-chardev-source-pty.h \
@@ -32,7 +33,9 @@ GCONFIG_HEADER_FILES = \
libvirt-gconfig-domain-interface-user.h \
libvirt-gconfig-domain-memballoon.h \
libvirt-gconfig-domain-os.h \
+ libvirt-gconfig-domain-parallel.h \
libvirt-gconfig-domain-seclabel.h \
+ libvirt-gconfig-domain-serial.h \
libvirt-gconfig-domain-snapshot.h \
libvirt-gconfig-domain-sound.h \
libvirt-gconfig-domain-timer.h \
@@ -61,6 +64,7 @@ GCONFIG_SOURCE_FILES = \
libvirt-gconfig-main.c \
libvirt-gconfig-capabilities.c \
libvirt-gconfig-domain.c \
+ libvirt-gconfig-domain-channel.c \
libvirt-gconfig-domain-chardev.c \
libvirt-gconfig-domain-chardev-source.c \
libvirt-gconfig-domain-chardev-source-pty.c \
@@ -80,7 +84,9 @@ GCONFIG_SOURCE_FILES = \
libvirt-gconfig-domain-interface-user.c \
libvirt-gconfig-domain-memballoon.c \
libvirt-gconfig-domain-os.c \
+ libvirt-gconfig-domain-parallel.c \
libvirt-gconfig-domain-seclabel.c \
+ libvirt-gconfig-domain-serial.c \
libvirt-gconfig-domain-snapshot.c \
libvirt-gconfig-domain-sound.c \
libvirt-gconfig-domain-timer.c \
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-channel.c b/libvirt-gconfig/libvirt-gconfig-domain-channel.c
new file mode 100644
index 0000000..a3134b4
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-channel.c
@@ -0,0 +1,70 @@
+/*
+ * libvirt-gconfig-domain-channel.c: libvirt domain channel configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include "libvirt-gconfig/libvirt-gconfig.h"
+
+#define GVIR_CONFIG_DOMAIN_CHANNEL_GET_PRIVATE(obj) \
+ (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL, GVirConfigDomainChannelPrivate))
+
+struct _GVirConfigDomainChannelPrivate
+{
+ gboolean unused;
+};
+
+G_DEFINE_TYPE(GVirConfigDomainChannel, gvir_config_domain_channel, GVIR_CONFIG_TYPE_DOMAIN_CHARDEV);
+
+
+static void gvir_config_domain_channel_class_init(GVirConfigDomainChannelClass *klass)
+{
+ g_type_class_add_private(klass, sizeof(GVirConfigDomainChannelPrivate));
+}
+
+
+static void gvir_config_domain_channel_init(GVirConfigDomainChannel *channel)
+{
+ g_debug("Init GVirConfigDomainChannel=%p", channel);
+
+ channel->priv = GVIR_CONFIG_DOMAIN_CHANNEL_GET_PRIVATE(channel);
+}
+
+GVirConfigDomainChannel *gvir_config_domain_channel_new(void)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new(GVIR_CONFIG_TYPE_DOMAIN_CHANNEL,
+ "channel", NULL);
+ return GVIR_CONFIG_DOMAIN_CHANNEL(object);
+}
+
+GVirConfigDomainChannel *gvir_config_domain_channel_new_from_xml(const gchar *xml,
+ GError **error)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new_from_xml(GVIR_CONFIG_TYPE_DOMAIN_CHANNEL,
+ "channel", NULL, xml, error);
+ if (object == NULL)
+ return NULL;
+ return GVIR_CONFIG_DOMAIN_CHANNEL(object);
+}
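Review bot: gvir_config_domain_channel_new_from_xml() is a new public entry point that takes caller-supplied XML, yet it has no doc comment stating what it accepts or returns. It passes `NULL` as the third argument of gvir_config_object_new_from_xml(), which looks like the schema slot (confirm against that function), so the only constraint visible here is the root name `"channel"`. A consumer parsing domain XML from an untrusted source should be told that. I would add a gtk-doc block above it along the lines of `Parses @xml, whose root element must be "channel"; no schema is applied here, so validate untrusted input before use. Returns NULL if the object could not be created.` The same applies to the identical constructors in libvirt-gconfig-domain-parallel.c and libvirt-gconfig-domain-serial.c.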
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-channel.h b/libvirt-gconfig/libvirt-gconfig-domain-channel.h
new file mode 100644
index 0000000..d2dc136
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-channel.h
@@ -0,0 +1,67 @@
+/*
+ * libvirt-gconfig-domain-channel.h: libvirt domain channel configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
+#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
+#endif
+
+#ifndef __LIBVIRT_GCONFIG_DOMAIN_CHANNEL_H__
+#define __LIBVIRT_GCONFIG_DOMAIN_CHANNEL_H__
+
+G_BEGIN_DECLS
+
+#define GVIR_CONFIG_TYPE_DOMAIN_CHANNEL (gvir_config_domain_channel_get_type ())
+#define GVIR_CONFIG_DOMAIN_CHANNEL(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL, GVirConfigDomainChannel))
+#define GVIR_CONFIG_DOMAIN_CHANNEL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL, GVirConfigDomainChannelClass))
+#define GVIR_CONFIG_IS_DOMAIN_CHANNEL(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL))
+#define GVIR_CONFIG_IS_DOMAIN_CHANNEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL))
+#define GVIR_CONFIG_DOMAIN_CHANNEL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_DOMAIN_CHANNEL, GVirConfigDomainChannelClass))
+
+typedef struct _GVirConfigDomainChannel GVirConfigDomainChannel;
+typedef struct _GVirConfigDomainChannelPrivate GVirConfigDomainChannelPrivate;
+typedef struct _GVirConfigDomainChannelClass GVirConfigDomainChannelClass;
+
+struct _GVirConfigDomainChannel
+{
+ GVirConfigDomainChardev parent;
+
+ GVirConfigDomainChannelPrivate *priv;
+
+ /* Do not add fields to this struct */
+};
+
+struct _GVirConfigDomainChannelClass
+{
+ GVirConfigDomainChardevClass parent_class;
+
+ gpointer padding[20];
+};
+
+
+GType gvir_config_domain_channel_get_type(void);
+GVirConfigDomainChannel *gvir_config_domain_channel_new(void);
+GVirConfigDomainChannel *gvir_config_domain_channel_new_from_xml(const gchar *xml,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __LIBVIRT_GCONFIG_DOMAIN_CHANNEL_H__ */
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-parallel.c b/libvirt-gconfig/libvirt-gconfig-domain-parallel.c
new file mode 100644
index 0000000..2f5ea52
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-parallel.c
@@ -0,0 +1,70 @@
+/*
+ * libvirt-gconfig-domain-parallel.c: libvirt domain parallel configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include "libvirt-gconfig/libvirt-gconfig.h"
+
+#define GVIR_CONFIG_DOMAIN_PARALLEL_GET_PRIVATE(obj) \
+ (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL, GVirConfigDomainParallelPrivate))
+
+struct _GVirConfigDomainParallelPrivate
+{
+ gboolean unused;
+};
+
+G_DEFINE_TYPE(GVirConfigDomainParallel, gvir_config_domain_parallel, GVIR_CONFIG_TYPE_DOMAIN_CHARDEV);
+
+
+static void gvir_config_domain_parallel_class_init(GVirConfigDomainParallelClass *klass)
+{
+ g_type_class_add_private(klass, sizeof(GVirConfigDomainParallelPrivate));
+}
+
+
+static void gvir_config_domain_parallel_init(GVirConfigDomainParallel *parallel)
+{
+ g_debug("Init GVirConfigDomainParallel=%p", parallel);
+
+ parallel->priv = GVIR_CONFIG_DOMAIN_PARALLEL_GET_PRIVATE(parallel);
+}
+
+GVirConfigDomainParallel *gvir_config_domain_parallel_new(void)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new(GVIR_CONFIG_TYPE_DOMAIN_PARALLEL,
+ "parallel", NULL);
+ return GVIR_CONFIG_DOMAIN_PARALLEL(object);
+}
+
+GVirConfigDomainParallel *gvir_config_domain_parallel_new_from_xml(const gchar *xml,
+ GError **error)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new_from_xml(GVIR_CONFIG_TYPE_DOMAIN_PARALLEL,
+ "parallel", NULL, xml, error);
+ if (object == NULL)
+ return NULL;
+ return GVIR_CONFIG_DOMAIN_PARALLEL(object);
+}
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-parallel.h b/libvirt-gconfig/libvirt-gconfig-domain-parallel.h
new file mode 100644
index 0000000..fd9c656
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-parallel.h
@@ -0,0 +1,67 @@
+/*
+ * libvirt-gconfig-domain-parallel.h: libvirt domain parallel configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
+#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
+#endif
+
+#ifndef __LIBVIRT_GCONFIG_DOMAIN_PARALLEL_H__
+#define __LIBVIRT_GCONFIG_DOMAIN_PARALLEL_H__
+
+G_BEGIN_DECLS
+
+#define GVIR_CONFIG_TYPE_DOMAIN_PARALLEL (gvir_config_domain_parallel_get_type ())
+#define GVIR_CONFIG_DOMAIN_PARALLEL(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL, GVirConfigDomainParallel))
+#define GVIR_CONFIG_DOMAIN_PARALLEL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL, GVirConfigDomainParallelClass))
+#define GVIR_CONFIG_IS_DOMAIN_PARALLEL(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL))
+#define GVIR_CONFIG_IS_DOMAIN_PARALLEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL))
+#define GVIR_CONFIG_DOMAIN_PARALLEL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_DOMAIN_PARALLEL, GVirConfigDomainParallelClass))
+
+typedef struct _GVirConfigDomainParallel GVirConfigDomainParallel;
+typedef struct _GVirConfigDomainParallelPrivate GVirConfigDomainParallelPrivate;
+typedef struct _GVirConfigDomainParallelClass GVirConfigDomainParallelClass;
+
+struct _GVirConfigDomainParallel
+{
+ GVirConfigDomainChardev parent;
+
+ GVirConfigDomainParallelPrivate *priv;
+
+ /* Do not add fields to this struct */
+};
+
+struct _GVirConfigDomainParallelClass
+{
+ GVirConfigDomainChardevClass parent_class;
+
+ gpointer padding[20];
+};
+
+
+GType gvir_config_domain_parallel_get_type(void);
+GVirConfigDomainParallel *gvir_config_domain_parallel_new(void);
+GVirConfigDomainParallel *gvir_config_domain_parallel_new_from_xml(const gchar *xml,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __LIBVIRT_GCONFIG_DOMAIN_PARALLEL_H__ */
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-serial.c b/libvirt-gconfig/libvirt-gconfig-domain-serial.c
new file mode 100644
index 0000000..89c54ba
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-serial.c
@@ -0,0 +1,70 @@
+/*
+ * libvirt-gconfig-domain-serial.c: libvirt domain serial configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include "libvirt-gconfig/libvirt-gconfig.h"
+
+#define GVIR_CONFIG_DOMAIN_SERIAL_GET_PRIVATE(obj) \
+ (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_DOMAIN_SERIAL, GVirConfigDomainSerialPrivate))
+
+struct _GVirConfigDomainSerialPrivate
+{
+ gboolean unused;
+};
+
+G_DEFINE_TYPE(GVirConfigDomainSerial, gvir_config_domain_serial, GVIR_CONFIG_TYPE_DOMAIN_CHARDEV);
+
+
+static void gvir_config_domain_serial_class_init(GVirConfigDomainSerialClass *klass)
+{
+ g_type_class_add_private(klass, sizeof(GVirConfigDomainSerialPrivate));
+}
+
+
+static void gvir_config_domain_serial_init(GVirConfigDomainSerial *serial)
+{
+ g_debug("Init GVirConfigDomainSerial=%p", serial);
+
+ serial->priv = GVIR_CONFIG_DOMAIN_SERIAL_GET_PRIVATE(serial);
+}
+
+GVirConfigDomainSerial *gvir_config_domain_serial_new(void)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new(GVIR_CONFIG_TYPE_DOMAIN_SERIAL,
+ "serial", NULL);
+ return GVIR_CONFIG_DOMAIN_SERIAL(object);
+}
+
+GVirConfigDomainSerial *gvir_config_domain_serial_new_from_xml(const gchar *xml,
+ GError **error)
+{
+ GVirConfigObject *object;
+
+ object = gvir_config_object_new_from_xml(GVIR_CONFIG_TYPE_DOMAIN_SERIAL,
+ "serial", NULL, xml, error);
+ if (object == NULL)
+ return NULL;
+ return GVIR_CONFIG_DOMAIN_SERIAL(object);
+}
diff --git a/libvirt-gconfig/libvirt-gconfig-domain-serial.h b/libvirt-gconfig/libvirt-gconfig-domain-serial.h
new file mode 100644
index 0000000..8fba59c
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-domain-serial.h
@@ -0,0 +1,67 @@
+/*
+ * libvirt-gconfig-domain-serial.h: libvirt domain serial configuration
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
+#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
+#endif
+
+#ifndef __LIBVIRT_GCONFIG_DOMAIN_SERIAL_H__
+#define __LIBVIRT_GCONFIG_DOMAIN_SERIAL_H__
+
+G_BEGIN_DECLS
+
+#define GVIR_CONFIG_TYPE_DOMAIN_SERIAL (gvir_config_domain_serial_get_type ())
+#define GVIR_CONFIG_DOMAIN_SERIAL(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_DOMAIN_SERIAL, GVirConfigDomainSerial))
+#define GVIR_CONFIG_DOMAIN_SERIAL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_DOMAIN_SERIAL, GVirConfigDomainSerialClass))
+#define GVIR_CONFIG_IS_DOMAIN_SERIAL(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_DOMAIN_SERIAL))
+#define GVIR_CONFIG_IS_DOMAIN_SERIAL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_DOMAIN_SERIAL))
+#define GVIR_CONFIG_DOMAIN_SERIAL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_DOMAIN_SERIAL, GVirConfigDomainSerialClass))
+
+typedef struct _GVirConfigDomainSerial GVirConfigDomainSerial;
+typedef struct _GVirConfigDomainSerialPrivate GVirConfigDomainSerialPrivate;
+typedef struct _GVirConfigDomainSerialClass GVirConfigDomainSerialClass;
+
+struct _GVirConfigDomainSerial
+{
+ GVirConfigDomainChardev parent;
+
+ GVirConfigDomainSerialPrivate *priv;
+
+ /* Do not add fields to this struct */
+};
+
+struct _GVirConfigDomainSerialClass
+{
+ GVirConfigDomainChardevClass parent_class;
+
+ gpointer padding[20];
+};
+
+
+GType gvir_config_domain_serial_get_type(void);
+GVirConfigDomainSerial *gvir_config_domain_serial_new(void);
+GVirConfigDomainSerial *gvir_config_domain_serial_new_from_xml(const gchar *xml,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __LIBVIRT_GCONFIG_DOMAIN_SERIAL_H__ */
diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
index 7176400..cb28e23 100644
--- a/libvirt-gconfig/libvirt-gconfig.h
+++ b/libvirt-gconfig/libvirt-gconfig.h
@@ -33,6 +33,7 @@
#include <libvirt-gconfig/libvirt-gconfig-domain-chardev.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-chardev-source.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-chardev-source-pty.h>
+#include <libvirt-gconfig/libvirt-gconfig-domain-channel.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-clock.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-console.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-device.h>
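Review bot: The include for `libvirt-gconfig-domain-channel.h` is added after the chardev headers rather than in its alphabetical position, and nothing records that this order is required. The new header embeds `GVirConfigDomainChardev parent` by value and includes nothing itself, so it only compiles once `libvirt-gconfig-domain-chardev.h` has been seen. The Makefile.am lists in this same patch sort channel before chardev, which invites someone to tidy this list the same way and break the build. A one-line comment would prevent that: `/* channel, parallel and serial derive from chardev: keep them after libvirt-gconfig-domain-chardev.h */`. The parallel and serial includes in the next hunk have the same dependency, which alphabetical order happens to satisfy there.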
@@ -49,7 +50,9 @@
#include <libvirt-gconfig/libvirt-gconfig-domain-interface-user.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-memballoon.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-os.h>
+#include <libvirt-gconfig/libvirt-gconfig-domain-parallel.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-seclabel.h>
+#include <libvirt-gconfig/libvirt-gconfig-domain-serial.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-snapshot.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-sound.h>
#include <libvirt-gconfig/libvirt-gconfig-domain-timer.h>
diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
index 8a47418..7cf3c3d 100644
--- a/libvirt-gconfig/libvirt-gconfig.sym
+++ b/libvirt-gconfig/libvirt-gconfig.sym
@@ -30,6 +30,10 @@ LIBVIRT_GCONFIG_0.0.3 {
gvir_config_domain_set_virt_type;
gvir_config_domain_virt_type_get_type;
+ gvir_config_domain_channel_get_type;
+ gvir_config_domain_channel_new;
+ gvir_config_domain_channel_new_from_xml;
+
gvir_config_domain_chardev_get_type;
gvir_config_domain_chardev_set_source;
@@ -168,6 +172,10 @@ LIBVIRT_GCONFIG_0.0.3 {
gvir_config_domain_os_set_arch;
gvir_config_domain_os_type_get_type;
+ gvir_config_domain_parallel_get_type;
+ gvir_config_domain_parallel_new;
+ gvir_config_domain_parallel_new_from_xml;
+
gvir_config_domain_seclabel_get_type;
gvir_config_domain_seclabel_type_get_type;
gvir_config_domain_seclabel_new;
@@ -177,6 +185,10 @@ LIBVIRT_GCONFIG_0.0.3 {
gvir_config_domain_seclabel_set_baselabel;
gvir_config_domain_seclabel_set_label;
+ gvir_config_domain_serial_get_type;
+ gvir_config_domain_serial_new;
+ gvir_config_domain_serial_new_from_xml;
+
gvir_config_domain_snapshot_get_type;
gvir_config_domain_snapshot_new;
gvir_config_domain_snapshot_new_from_xml;
--
1.7.7.5
12 years, 9 months
[libvirt] [PATCH] build: avoid spurious compiler warning
by Eric Blake
For some weird reason, i686-pc-mingw32-gcc version 4.6.1 at -O2 complained:
../../src/conf/nwfilter_params.c: In function 'virNWFilterVarCombIterCreate':
../../src/conf/nwfilter_params.c:346:23: error: 'minValue' may be used uninitialized in this function [-Werror=uninitialized]
../../src/conf/nwfilter_params.c:319:28: note: 'minValue' was declared here
../../src/conf/nwfilter_params.c:344:23: error: 'maxValue' may be used uninitialized in this function [-Werror=uninitialized]
../../src/conf/nwfilter_params.c:319:18: note: 'maxValue' was declared here
cc1: all warnings being treated as errors
even though all paths of the preceding switch statement either
assign the variables or return.
* src/conf/nwfilter_params.c (virNWFilterVarCombIterAddVariable):
Initialize variables.
---
Pushing under the build-breaker rule.
src/conf/nwfilter_params.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/nwfilter_params.c b/src/conf/nwfilter_params.c
index 8949b95..7400fa0 100644
--- a/src/conf/nwfilter_params.c
+++ b/src/conf/nwfilter_params.c
@@ -1,7 +1,7 @@
/*
* nwfilter_params.c: parsing and data maintenance of filter parameters
*
- * Copyright (C) 2011 Red Hat, Inc.
+ * Copyright (C) 2011-2012 Red Hat, Inc.
* Copyright (C) 2010 IBM Corporation
*
* This library is free software; you can redistribute it and/or
@@ -316,7 +316,7 @@ virNWFilterVarCombIterAddVariable(virNWFilterVarCombIterEntryPtr cie,
const virNWFilterVarAccessPtr varAccess)
{
virNWFilterVarValuePtr varValue;
- unsigned int maxValue, minValue;
+ unsigned int maxValue = 0, minValue = 0;
const char *varName = virNWFilterVarAccessGetVarName(varAccess);
varValue = virHashLookup(hash->hashTable, varName);
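Review bot: The `= 0` initialisers on `maxValue` and `minValue` have no comment saying they exist only to quiet a compiler false positive. A later reader may take 0 for a meaningful default. If a new switch case ever does leave them unassigned, `-Wuninitialized` will no longer report it and the range logic would run with 0/0. I would add `/* initialised only to silence a spurious gcc 4.6.1 -Wuninitialized report; every switch path below assigns both or returns */` above the declaration. The switch the commit message refers to, and the rest of the function, lie outside this hunk.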
--
1.7.7.5
12 years, 9 months
[libvirt] [BUG, PATCH-RFC] libvirt localtime and rtc_timeoffset handling in xen-sexpr/sxpr/sxp
by Philipp Hahn
Hello,
I'm currently tracking a problem in libvirt regarding Xens handling of
localtime and rtc_timeoffset. My current understanding (Xen-3.4.3 and
Xen-4.1.2 under Linux) of Xend (the depcrecated Python one still used by
libvirt) is as this:
- for HV domains, the RTC gets setup to either UTC or localtime depending
on "/domain/image/hvm/localtime" ± "/domain/image/hvm/rtc_offset".
- if the OS of a domU changes its RTC, the rtc_offset gets adjusted and is
saved in XenStore as "/vm/$UUID/rtc/timeoffset".
- if the dom0 accesses its RTC, is accesses the real HW-RTC.
- the Xen-Hypervisor initially read the HW-RTC to setup its Wallclock once,
which is than used to simulate the domU RTCs. (The HW-RTC is otherwise only
accessed on (ACPI-)Suspend and Resume, and with NTP-drift-correction from
dom0).
- on shut-down the rtc_offset is stored by Xend in
the "/var/lib/xend/domains/$uuid/config.sxp" file
in "/domain/image/hvm/rtc_timeoffset", from where it is loaded again on next
start.
- since PV domains don't have a RTC, they somehow(?) get either initialized to
the localtime or UTC time depending on "/domain/image/linux/localtime".
@xen:
Did I figure out that correct?
@xen:
Is there some documentation on the Xen-sxp domain configuration? For the
Python based xen-xm format, I found (and updated)
<http://wiki.xen.org/wiki/XenConfigurationFileOptions>, but for Xen-sxp I so
far found no documentation, especially on what changed between xen-1, xen-2,
xen-3.x, xen-4.x.
@libvirt:
Comparing Xend handling to <http://libvirt.org/formatdomain.html#elementsTime>
the current translation done by libvirt looks wrong; I think is mandates back
to the time when Xen supported only PV-domUs:
libvirt translates the Xen configuration to "localtime" and "utc" ignoring
the "rtc_offset", which exists for HV domains. For localtime=0 this
translates to libvirts offset="variable"-case, but for localtime=1 there is
no matching mapping in libvirt.
Since for PV domains no rtc_timeoffset is tracked, there the mapping to "utc"
and "localtime" looks right.
For libvirt there was a patch
<http://www.redhat.com/archives/libvir-list/2009-January/msg00757.html> which
added some special handling for "localtime" to be either placed
in "/domain/localtime" or "/domain/image/{hvm,linux}/localtime". Xend from
3.4.3 und 4.1.2 seems to accept either one, but /domain/image/hvm/localtime
is preferred and overwrites the first one. When reading back the
configuration the setting is always returned
as /domain/image/{hvm,linux}/localtime.
@John:
Is there a case, where /domain/localtime is returned or is that key
always translated to /domain/linux/{hvm,linux}/localtime? As you had a
sun.com email address, was this some special case when using Xen with
Solaris?
@libvirt:
The attached patch (for 0.8.7) would change the implementation to match the
following:
1. For Xen-PV-domUs, use clock/@offset='utc' and clock/@offset='localtime'.
2. For Xen-HV-domUs, use clock/@offset='variable'.
3. For backward compatibility with old libvirt XML files, convert
clock/@offset='utc' → (localtime 0)(rtc_timeoffset 0) and
clock/@offset='localtime' → (localtime 1)(rtc_timeoffset 0). On readback that
will be returned as clock/@offset='variable'!
4. For Xen-HV-domUs with (localtime=1)(rtc_timeoffset≠0) print a warning that
there is no mapping to libvirts XML.
5. Always put the (localtime)(rtc_offset)-SEXPRs in "(image ({linux,hvm})",
since this is where Xend-3.4 and Xend-4.1 return them.
I also checked Xen-3.2, where this is okay, but the I don't have any older
versions of Xen available (and running), the I can't verify that it still
works there.
Which leads me to a another question: Which versions of Xen are still
supported by libvirt (and must be checked for regressions)? I don't want so
actively remove the code for old Xen versions, but it gets harder and harder
to maintain all those versions. So a statement like "Xen-3.x and Xen-4.y are
actively supported by libvirt-0.a.b; older versions might still work (by
accident ;-)"
Before I forward-port that change to 0.9.10 I'd like to get some comments.
Thanks in advance.
Sincerely
Philipp Hahn
--
Philipp Hahn Open Source Software Engineer hahn(a)univention.de
Univention GmbH Linux for Your Business fon: +49 421 22 232- 0
Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99
http://www.univention.de/
12 years, 9 months
[libvirt] [PATCH 2/3][TCK] nwfilter: test access via iterators
by Stefan Berger
Test access to variables using different iterators.
---
scripts/nwfilter/nwfilter2vmtest.sh | 6
scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall | 193 +++++++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml | 23 ++
3 files changed, 222 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -348,9 +348,15 @@ createVM() {
<parameter name='A' value='1.1.1.1'/>
<parameter name='A' value='2.2.2.2'/>
<parameter name='A' value='3.3.3.3'/>
+ <parameter name='A' value='3.3.3.3'/>
<parameter name='B' value='80'/>
<parameter name='B' value='90'/>
<parameter name='B' value='80'/>
+ <parameter name='B' value='80'/>
+ <parameter name='C' value='1080'/>
+ <parameter name='C' value='1090'/>
+ <parameter name='C' value='1100'/>
+ <parameter name='C' value='1110'/>
</filterref>
<target dev='${vmname}'/>
</interface>
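Review bot: The added fourth `A` and `B` parameters repeat values already in the list (`3.3.3.3` and `80`), and nothing in the script says whether that is deliberate. Presumably they bring A and B to the same four-entry length as the new `C` list so the iterators can be walked in step. Without a note, a reader could take them for a paste error and remove them, which would silently change the rules expected in iter-test2.fwall. If that is the intent, a shell comment above the XML would settle it, for example `# A and B repeat their last value on purpose so that A, B and C each have four entries (see iter-test2)`. createVM() begins and ends outside this hunk.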
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
@@ -0,0 +1,193 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x01tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L FORWARD -n --line-number | grep libvirt
+1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
+2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
+3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml
@@ -0,0 +1,23 @@
+<filter name='tck-testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A' srcportstart='$B[@0]' dscp='1'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp srcipaddr='$A[@1]' srcportstart='$B[@2]' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <sctp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@2]'
+ dscp='3'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@3]'
+ dscp='4'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp srcipaddr='$A[@1]' dstipaddr='$A[@2]' dscp='5'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <sctp srcipaddr='$A' dstipaddr='$A' dscp='6'/>
+ </rule>
+</filter>
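Review bot: None of the six rules states which iterator relationship it exercises, so a reader has to reverse-engineer the intent from iter-test2.fwall. A short XML comment above each rule would make the fixture self-explanatory, for example `<!-- $B[@2] and $C[@2] share iterator 2 and advance together; $A[@1] is iterated independently -->` above the first sctp rule and `<!-- $A used twice with the same implicit iterator: source and destination are always equal -->` above the last one (both readings are taken from the expected output). For a firewall test this matters because a regression that expands a shared iterator into a cross product would widen the accepted traffic, and the comment tells the maintainer which expansion is intended.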
12 years, 9 months
[libvirt] [PATCH 1/3][TCK] nwfilter: test access to 2 lists in one rule
by Stefan Berger
Test access to 2 lists in one rule
---
scripts/nwfilter/nwfilter2vmtest.sh | 6 +++
scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall | 31 +++++++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml | 6 +++
3 files changed, 43 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -345,6 +345,12 @@ createVM() {
<source bridge='virbr0'/>
<filterref filter='${filtername}'>
<parameter name='IP' value='${ipaddr}'/>
+ <parameter name='A' value='1.1.1.1'/>
+ <parameter name='A' value='2.2.2.2'/>
+ <parameter name='A' value='3.3.3.3'/>
+ <parameter name='B' value='80'/>
+ <parameter name='B' value='90'/>
+ <parameter name='B' value='80'/>
</filterref>
<target dev='${vmname}'/>
</interface>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
@@ -0,0 +1,31 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L FORWARD -n --line-number | grep libvirt
+1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
+2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
+3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
@@ -0,0 +1,6 @@
+<filter name='tck-testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A' srcportstart='$B' dscp='2'/>
+ </rule>
+</filter>
12 years, 9 months
[libvirt] [PATCH] virsh: improve doMigrate function docs
by ajia@redhat.com
From: Alex Jia <ajia(a)redhat.com>
When running virsh migrate with the --xml option and the given XML file doesn't
exist, virsh doesn't output any error message, although the return value
is 1.
* tools/virsh.c: Raise an appropriate error message when the operation fails.
* How to reproduce?
% virsh migrate <domain> --live qemu+ssh://<target host>/system --xml non-existent.xml
% echo $?
* Fixed result:
error: file 'non-existent.xml' doesn't exist
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
tools/virsh.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index e4b812e..020e7b5 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -6338,9 +6338,10 @@ doMigrate (void *opaque)
flags |= VIR_MIGRATE_CHANGE_PROTECTION;
if (xmlfile &&
- virFileReadAll(xmlfile, 8192, &xml) < 0)
+ virFileReadAll(xmlfile, 8192, &xml) < 0) {
+ vshError(ctl, _("file '%s' doesn't exist"), xmlfile);
goto out;
-
+ }
if ((flags & VIR_MIGRATE_PEER2PEER) ||
vshCommandOptBool (cmd, "direct")) {
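Review bot: The new message `file '%s' doesn't exist` is printed for every failure of `virFileReadAll(xmlfile, 8192, &xml)`, not only for a missing file; an unreadable file or, presumably, one larger than the 8192-byte limit passed here would be reported as non-existent too. A neutral wording avoids pointing the user at the wrong cause: `vshError(ctl, _("cannot read file '%s'"), xmlfile);`. The commit subject says "improve doMigrate function docs" while the change is to error reporting, so the subject is worth adjusting as well. doMigrate's body starts and ends outside the hunk.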
--
1.7.1
12 years, 9 months
[libvirt] [PATCH] Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
When sVirt is integrated with the LXC driver, it will be necessary
to invoke the security driver APIs using only a virDomainDefPtr
since the lxc_container.c code has no virDomainObjPtr available.
Aside from two functions which want obj->pid, every bit of the
security driver code only touches obj->def. So we don't need to
pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
is sufficient. Two functions also gain a 'pid_t pid' argument.
* src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
src/security/security_apparmor.c,
src/security/security_dac.c,
src/security/security_driver.h,
src/security/security_manager.c,
src/security/security_manager.h,
src/security/security_nop.c,
src/security/security_selinux.c,
src/security/security_stack.c: Change all security APIs to use a
virDomainDefPtr instead of virDomainObjPtr
---
src/qemu/qemu_driver.c | 10 +-
src/qemu/qemu_hotplug.c | 28 ++--
src/qemu/qemu_migration.c | 12 +-
src/qemu/qemu_process.c | 24 ++--
src/security/security_apparmor.c | 136 ++++++++++----------
src/security/security_dac.c | 91 +++++++-------
src/security/security_driver.h | 36 +++---
src/security/security_manager.c | 40 +++---
src/security/security_manager.h | 36 +++---
src/security/security_nop.c | 36 +++---
src/security/security_selinux.c | 260 +++++++++++++++++++-------------------
src/security/security_stack.c | 44 ++++---
12 files changed, 381 insertions(+), 372 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6cfdd1d..6e001ce 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3096,7 +3096,7 @@ qemuDomainScreenshot(virDomainPtr dom,
}
unlink_tmp = true;
- virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp);
qemuDomainObjEnterMonitor(driver, vm);
if (qemuMonitorScreendump(priv->mon, tmp) < 0) {
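Review bot: The return value of `virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp)` is discarded here and again in the qemudDomainMemoryPeek hunk, whereas the qemuMigrationToFile hunk checks the same call with `< 0` and jumps to cleanup. If labelling the temporary file fails, the following monitor command would presumably fail with a less helpful permission error, so the result should at least be logged, e.g. `if (virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp) < 0) VIR_WARN("failed to set save state label on %s", tmp);`, or routed to the function's error path. Both functions continue outside their hunks, so whether the omission is deliberate best-effort cannot be seen from here.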
@@ -3868,7 +3868,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
*/
if (virDomainObjIsActive(vm)) {
if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm, seclabel) < 0) {
+ vm->def, vm->pid, seclabel) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Failed to get security label"));
goto cleanup;
@@ -4167,7 +4167,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
out:
virCommandFree(cmd);
if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
VIR_WARN("failed to restore save state label on %s", path);
return ret;
@@ -7584,7 +7584,7 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto endjob;
}
- virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp);
priv = vm->privateData;
qemuDomainObjEnterMonitor(driver, vm);
@@ -9064,7 +9064,7 @@ qemuDomainSnapshotCreateSingleDiskActive(struct qemud_driver *driver,
if (virDomainLockDiskAttach(driver->lockManager, vm, disk) < 0)
goto cleanup;
- if (virSecurityManagerSetImageLabel(driver->securityManager, vm,
+ if (virSecurityManagerSetImageLabel(driver->securityManager, vm->def,
disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", source);
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 96c0070..684fede 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -88,7 +88,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -120,7 +120,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver,
goto error;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, origdisk) < 0)
+ vm->def, origdisk) < 0)
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, origdisk) < 0)
@@ -141,7 +141,7 @@ error:
VIR_FREE(driveAlias);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on new media %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -209,7 +209,7 @@ int qemuDomainAttachPciDiskDevice(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -283,7 +283,7 @@ error:
VIR_WARN("Unable to release PCI address on %s", disk->src);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -439,7 +439,7 @@ int qemuDomainAttachSCSIDisk(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -530,7 +530,7 @@ error:
VIR_FREE(drivestr);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -562,7 +562,7 @@ int qemuDomainAttachUsbMassstorageDevice(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -623,7 +623,7 @@ error:
VIR_FREE(drivestr);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -1112,7 +1112,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver,
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
- vm, hostdev) < 0)
+ vm->def, hostdev) < 0)
return -1;
switch (hostdev->source.subsys.type) {
@@ -1139,7 +1139,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver,
error:
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
- vm, hostdev) < 0)
+ vm->def, hostdev) < 0)
VIR_WARN("Unable to restore host device labelling on hotplug fail");
return -1;
@@ -1572,7 +1572,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
virDomainDiskDefFree(detach);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, dev->data.disk) < 0)
+ vm->def, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
@@ -1654,7 +1654,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver,
virDomainDiskDefFree(detach);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, dev->data.disk) < 0)
+ vm->def, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
@@ -2162,7 +2162,7 @@ int qemuDomainDetachHostDevice(struct qemud_driver *driver,
}
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
- vm, dev->data.hostdev) < 0)
+ vm->def, dev->data.hostdev) < 0)
VIR_WARN("Failed to restore host device labelling");
return ret;
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 8ae989a..b3ef894 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1749,13 +1749,13 @@ static int doNativeMigrate(struct qemud_driver *driver,
virReportOOMError();
goto cleanup;
}
- if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0)
+ if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0)
goto cleanup;
if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) {
spec.dest.fd.qemu = virNetSocketDupFD(sock, true);
virNetSocketFree(sock);
}
- if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 ||
+ if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 ||
spec.dest.fd.qemu == -1)
goto cleanup;
} else {
@@ -1822,7 +1822,7 @@ static int doTunnelMigrate(struct qemud_driver *driver,
spec.dest.fd.local = fds[0];
}
if (spec.dest.fd.qemu == -1 ||
- virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
+ virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
spec.dest.fd.qemu) < 0) {
virReportSystemError(errno, "%s",
_("cannot create pipe for tunnelled migration"));
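Review bot: A failure of `virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, spec.dest.fd.qemu)` falls into the same branch as `spec.dest.fd.qemu == -1` and is reported through `virReportSystemError(errno, ...)` as "cannot create pipe for tunnelled migration". That text is wrong for a labelling failure, and `errno` is not necessarily meaningful after the security manager call, which makes a denied label hard to diagnose. Splitting the condition so the label failure takes its own error path, without the pipe message, would address this. The if-body continues outside the hunk.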
@@ -2842,7 +2842,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
* doesn't have to open() the file, so while we still have to
* grant SELinux access, we can do it on fd and avoid cleanup
* later, as well as skip futzing with cgroup. */
- if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
+ if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
compressor ? pipeFD[1] : fd) < 0)
goto cleanup;
bypassSecurityDriver = true;
@@ -2876,7 +2876,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
}
if ((!bypassSecurityDriver) &&
virSecurityManagerSetSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
goto cleanup;
restoreLabel = true;
}
@@ -2951,7 +2951,7 @@ cleanup:
virCommandFree(cmd);
if (restoreLabel && (!bypassSecurityDriver) &&
virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
VIR_WARN("failed to restore save state label on %s", path);
if (cgroup != NULL) {
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2563f97..58ce333 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -839,7 +839,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
qemuMonitorPtr mon = NULL;
if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
- vm) < 0) {
+ vm->def) < 0) {
VIR_ERROR(_("Failed to set security context for monitor for %s"),
vm->def->name);
goto error;
@@ -872,7 +872,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
}
priv->mon = mon;
- if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0) {
+ if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) {
VIR_ERROR(_("Failed to clear security context for monitor for %s"),
vm->def->name);
goto error;
@@ -2163,7 +2163,7 @@ static int qemuProcessHook(void *data)
* sockets the lock driver opens that we don't want
* labelled. So far we're ok though.
*/
- if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (virDomainLockProcessStart(h->driver->lockManager,
h->vm,
@@ -2171,7 +2171,7 @@ static int qemuProcessHook(void *data)
true,
&fd) < 0)
goto cleanup;
- if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (qemuProcessLimits(h->driver) < 0)
@@ -2194,7 +2194,7 @@ static int qemuProcessHook(void *data)
return -1;
VIR_DEBUG("Setting up security labelling");
- if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
ret = 0;
@@ -2656,7 +2656,7 @@ qemuProcessReconnect(void *opaque)
goto error;
}
- if (virSecurityManagerReserveLabel(driver->securityManager, obj) < 0)
+ if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
goto error;
if (qemuProcessNotifyNets(obj->def) < 0)
@@ -2894,7 +2894,7 @@ int qemuProcessStart(virConnectPtr conn,
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
- if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) {
+ if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
virDomainAuditSecurityLabel(vm, false);
goto cleanup;
}
@@ -3128,7 +3128,7 @@ int qemuProcessStart(virConnectPtr conn,
VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm, stdin_path) < 0)
+ vm->def, stdin_path) < 0)
goto cleanup;
if (stdin_fd != -1) {
@@ -3145,7 +3145,7 @@ int qemuProcessStart(virConnectPtr conn,
goto cleanup;
}
if (S_ISFIFO(stdin_sb.st_mode) &&
- virSecurityManagerSetImageFDLabel(driver->securityManager, vm, stdin_fd) < 0)
+ virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, stdin_fd) < 0)
goto cleanup;
}
@@ -3398,8 +3398,8 @@ void qemuProcessStop(struct qemud_driver *driver,
/* Reset Security Labels */
virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm, migrated);
- virSecurityManagerReleaseLabel(driver->securityManager, vm);
+ vm->def, migrated);
+ virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
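Review bot: The return values of `virSecurityManagerRestoreAllLabel()` and `virSecurityManagerReleaseLabel()` are dropped here, so a domain whose files keep their per-VM labels after shutdown leaves no trace in the logs. The detach and save paths touched by this same patch emit a `VIR_WARN` when a restore fails. The stop path can stay best-effort and still log, e.g. `if (virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, migrated) < 0) VIR_WARN("Unable to restore security labels for %s", vm->def->name);`. qemuProcessStop starts and ends outside the hunk.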
@@ -3548,7 +3548,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm, seclabel) < 0)
+ vm->def, vm->pid, seclabel) < 0)
goto cleanup;
if (!(vm->def->seclabel.model = strdup(driver->caps->host.secModel.model)))
goto no_memory;
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 299dcc6..4848d85 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -47,7 +47,7 @@
/* Data structure to pass to *FileIterate so we have everything we need */
struct SDPDOP {
virSecurityManagerPtr mgr;
- virDomainObjPtr vm;
+ virDomainDefPtr def;
};
/*
@@ -159,7 +159,7 @@ profile_status_file(const char *str)
static int
load_profile(virSecurityManagerPtr mgr,
const char *profile,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *fn,
bool append)
{
@@ -170,7 +170,7 @@ load_profile(virSecurityManagerPtr mgr,
const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
? "1" : "0";
- xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
+ xml = virDomainDefFormat(def, VIR_DOMAIN_XML_SECURE);
if (!xml)
goto clean;
@@ -212,12 +212,12 @@ remove_profile(const char *profile)
}
static char *
-get_profile_name(virDomainObjPtr vm)
+get_profile_name(virDomainDefPtr def)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *name = NULL;
- virUUIDFormat(vm->def->uuid, uuidstr);
+ virUUIDFormat(def->uuid, uuidstr);
if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) {
virReportOOMError();
return NULL;
@@ -257,23 +257,23 @@ cleanup:
*/
static int
reload_profile(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *fn,
bool append)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name = NULL;
if (secdef->norelabel)
return 0;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(mgr, secdef->imagelabel, vm, fn, append) < 0) {
+ if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -294,10 +294,10 @@ AppArmorSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
struct SDPDOP *ptr = opaque;
- virDomainObjPtr vm = ptr->vm;
+ virDomainDefPtr def = ptr->def;
- if (reload_profile(ptr->mgr, vm, file, true) < 0) {
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (reload_profile(ptr->mgr, def, file, true) < 0) {
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -312,10 +312,10 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
struct SDPDOP *ptr = opaque;
- virDomainObjPtr vm = ptr->vm;
+ virDomainDefPtr def = ptr->def;
- if (reload_profile(ptr->mgr, vm, file, true) < 0) {
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (reload_profile(ptr->mgr, def, file, true) < 0) {
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -390,56 +390,56 @@ AppArmorSecurityManagerGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
*/
static int
AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
int rc = -1;
char *profile_name = NULL;
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
- if (vm->def->seclabel.baselabel) {
+ if (def->seclabel.baselabel) {
virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("Cannot set a base label with AppArmour"));
return rc;
}
- if ((vm->def->seclabel.label) ||
- (vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
+ if ((def->seclabel.label) ||
+ (def->seclabel.model) || (def->seclabel.imagelabel)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s",
_("security label already defined for VM"));
return rc;
}
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
- vm->def->seclabel.label = strndup(profile_name, strlen(profile_name));
- if (!vm->def->seclabel.label) {
+ def->seclabel.label = strndup(profile_name, strlen(profile_name));
+ if (!def->seclabel.label) {
virReportOOMError();
goto clean;
}
/* set imagelabel the same as label (but we won't use it) */
- vm->def->seclabel.imagelabel = strndup(profile_name,
+ def->seclabel.imagelabel = strndup(profile_name,
strlen(profile_name));
- if (!vm->def->seclabel.imagelabel) {
+ if (!def->seclabel.imagelabel) {
virReportOOMError();
goto err;
}
- vm->def->seclabel.model = strdup(SECURITY_APPARMOR_NAME);
- if (!vm->def->seclabel.model) {
+ def->seclabel.model = strdup(SECURITY_APPARMOR_NAME);
+ if (!def->seclabel.model) {
virReportOOMError();
goto err;
}
/* Now that we have a label, load the profile into the kernel. */
- if (load_profile(mgr, vm->def->seclabel.label, vm, NULL, false) < 0) {
+ if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot load AppArmor profile "
- "\'%s\'"), vm->def->seclabel.label);
+ "\'%s\'"), def->seclabel.label);
goto err;
}
@@ -447,9 +447,9 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
goto clean;
err:
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
- VIR_FREE(vm->def->seclabel.model);
+ VIR_FREE(def->seclabel.label);
+ VIR_FREE(def->seclabel.imagelabel);
+ VIR_FREE(def->seclabel.model);
clean:
VIR_FREE(profile_name);
@@ -459,15 +459,15 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm, const char *stdin_path)
+ virDomainDefPtr def, const char *stdin_path)
{
- if (vm->def->seclabel.norelabel)
+ if (def->seclabel.norelabel)
return 0;
/* Reload the profile if stdin_path is specified. Note that
GenSecurityLabel() will have already been run. */
if (stdin_path)
- return reload_profile(mgr, vm, stdin_path, true);
+ return reload_profile(mgr, def, stdin_path, true);
return 0;
}
@@ -477,13 +477,14 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
*/
static int
AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec)
{
int rc = -1;
char *profile_name = NULL;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
if (virStrcpy(sec->label, profile_name,
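Review bot: The new `pid_t pid` parameter of AppArmorGetSecurityProcessLabel is added without `ATTRIBUTE_UNUSED`, and nothing in the visible part of the body reads it, since the profile name is still derived from `def` alone. With unused-parameter warnings enabled this would warn or fail the build on AppArmor hosts. AppArmorReserveSecurityLabel, changed further down in this file, already marks its new argument, so the same form fits here: `pid_t pid ATTRIBUTE_UNUSED,`. The remainder of the body is outside the hunk, so confirm that `pid` is not used there.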
@@ -511,9 +512,9 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
*/
static int
AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
VIR_FREE(secdef->model);
VIR_FREE(secdef->label);
@@ -525,10 +526,10 @@ AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = 0;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -545,13 +546,13 @@ AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
* LOCALSTATEDIR/log/libvirt/qemu/<vm name>.log
*/
static int
-AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
+AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name = NULL;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -579,21 +580,21 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
static int
AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int
AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -602,18 +603,18 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
/* Called when hotplugging */
static int
AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
/* Called when hotplugging */
static int
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm, virDomainDiskDefPtr disk)
+ virDomainDefPtr def, virDomainDiskDefPtr disk)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name;
@@ -631,12 +632,12 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
return rc;
}
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
/* update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(mgr, secdef->imagelabel, vm, disk->src,
+ if (load_profile(mgr, secdef->imagelabel, def, disk->src,
false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
@@ -673,7 +674,8 @@ AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
/* NOOP. Nothing to reserve with AppArmor */
return 0;
@@ -681,11 +683,11 @@ AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
struct SDPDOP *ptr;
int ret = -1;
@@ -701,7 +703,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
if (VIR_ALLOC(ptr) < 0)
return -1;
ptr->mgr = mgr;
- ptr->vm = vm;
+ ptr->def = def;
switch (dev->source.subsys.type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
@@ -743,44 +745,44 @@ done:
static int
AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
static int
AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- return reload_profile(mgr, vm, savefile, true);
+ return reload_profile(mgr, def, savefile, true);
}
static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile ATTRIBUTE_UNUSED)
{
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
static int
AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd)
{
int rc = -1;
char *proc = NULL;
char *fd_path = NULL;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->imagelabel == NULL)
return 0;
@@ -796,7 +798,7 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
return rc;
}
- return reload_profile(mgr, vm, fd_path, true);
+ return reload_profile(mgr, def, fd_path, true);
}
virSecurityDriver virAppArmorSecurityDriver = {
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0e75319..9c0017b 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -171,7 +171,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
@@ -190,7 +190,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk,
int migrated)
{
@@ -235,10 +235,10 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- return virSecurityDACRestoreSecurityImageLabelInt(mgr, vm, disk, 0);
+ return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk, 0);
}
@@ -268,7 +268,7 @@ virSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -338,7 +338,7 @@ virSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
@@ -489,7 +489,7 @@ virSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -501,34 +501,34 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
VIR_DEBUG("Restoring security label on %s migrated=%d",
- vm->def->name, migrated);
+ def->name, migrated);
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
rc = -1;
}
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
if (virSecurityDACRestoreSecurityImageLabelInt(mgr,
- vm,
- vm->def->disks[i],
+ def,
+ def->disks[i],
migrated) < 0)
rc = -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
false,
virSecurityDACRestoreChardevCallback,
mgr) < 0)
rc = -1;
- if (vm->def->os.kernel &&
- virSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ if (def->os.kernel &&
+ virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1;
- if (vm->def->os.initrd &&
- virSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ if (def->os.initrd &&
+ virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
return rc;
@@ -548,7 +548,7 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *stdin_path ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -557,36 +557,36 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
if (!priv->dynamicOwnership)
return 0;
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
- if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
+ if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
continue;
if (virSecurityDACSetSecurityImageLabel(mgr,
- vm,
- vm->def->disks[i]) < 0)
+ def,
+ def->disks[i]) < 0)
return -1;
}
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (virSecurityDACSetSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
return -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
true,
virSecurityDACSetChardevCallback,
mgr) < 0)
return -1;
- if (vm->def->os.kernel &&
- virSecurityDACSetOwnership(vm->def->os.kernel,
+ if (def->os.kernel &&
+ virSecurityDACSetOwnership(def->os.kernel,
priv->user,
priv->group) < 0)
return -1;
- if (vm->def->os.initrd &&
- virSecurityDACSetOwnership(vm->def->os.initrd,
+ if (def->os.initrd &&
+ virSecurityDACSetOwnership(def->os.initrd,
priv->user,
priv->group) < 0)
return -1;
@@ -597,7 +597,7 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
const char *savefile)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -608,7 +608,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
const char *savefile)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -622,11 +622,11 @@ virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- VIR_DEBUG("Dropping privileges of VM to %u:%u",
+ VIR_DEBUG("Dropping privileges of DEF to %u:%u",
(unsigned int) priv->user, (unsigned int) priv->group);
if (virSetUIDGID(priv->user, priv->group) < 0)
@@ -645,28 +645,30 @@ virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACGenLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACReleaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACReserveLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED,
virSecurityLabelPtr seclabel ATTRIBUTE_UNUSED)
{
return 0;
@@ -674,7 +676,7 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -682,7 +684,7 @@ virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -690,20 +692,19 @@ virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED)
{
return 0;
}
-
virSecurityDriver virSecurityDriverDAC = {
sizeof(virSecurityDACData),
"virDAC",
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index aea90b0..f0ace1c 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -39,50 +39,52 @@ typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr vm);
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec,
+ pid_t pid);
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec,
+ virDomainDefPtr sec,
const char *stdin_path);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated);
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec);
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
virDomainDefPtr def);
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd);
struct _virSecurityDriver {
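Review bot: The `virSecurityDomainReserveLabel` and `virSecurityDomainGetProcessLabel` typedefs gain a `pid_t pid` argument with no comment saying which process it identifies or whether a driver may ignore it. The callers in this patch pass `obj->pid` and `vm->pid`, and the AppArmor and DAC implementations leave it unused. A line above each typedef would record the contract for out-of-tree and future drivers, for example `/* pid: the domain's running emulator process, as held in virDomainObj; drivers that do not inspect the process may ignore it */`. The struct that follows is outside the hunk.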
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index cae9b83..2e4956a 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -150,7 +150,7 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
}
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
if (mgr->drv->domainRestoreSecurityImageLabel)
@@ -161,7 +161,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecurityDaemonSocketLabel)
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
@@ -171,7 +171,7 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecuritySocketLabel)
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
@@ -181,7 +181,7 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainClearSecuritySocketLabel)
return mgr->drv->domainClearSecuritySocketLabel(mgr, vm);
@@ -191,7 +191,7 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
if (mgr->drv->domainSetSecurityImageLabel)
@@ -202,7 +202,7 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
if (mgr->drv->domainRestoreSecurityHostdevLabel)
@@ -213,7 +213,7 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
if (mgr->drv->domainSetSecurityHostdevLabel)
@@ -224,7 +224,7 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
if (mgr->drv->domainSetSavedStateLabel)
@@ -235,7 +235,7 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
if (mgr->drv->domainRestoreSavedStateLabel)
@@ -246,7 +246,7 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainGenSecurityLabel)
return mgr->drv->domainGenSecurityLabel(mgr, vm);
@@ -256,17 +256,18 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm,
+ pid_t pid)
{
if (mgr->drv->domainReserveSecurityLabel)
- return mgr->drv->domainReserveSecurityLabel(mgr, vm);
+ return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainReleaseSecurityLabel)
return mgr->drv->domainReleaseSecurityLabel(mgr, vm);
@@ -276,7 +277,7 @@ int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *stdin_path)
{
if (mgr->drv->domainSetSecurityAllLabel)
@@ -287,7 +288,7 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int migrated)
{
if (mgr->drv->domainRestoreSecurityAllLabel)
@@ -298,18 +299,19 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
+ pid_t pid,
virSecurityLabelPtr sec)
{
if (mgr->drv->domainGetSecurityProcessLabel)
- return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, sec);
+ return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecurityProcessLabel)
return mgr->drv->domainSetSecurityProcessLabel(mgr, vm);
@@ -337,7 +339,7 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int fd)
{
if (mgr->drv->domainSetSecurityImageFDLabel)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 12cd498..6731d59 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -51,50 +51,52 @@ const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr vm);
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec,
+ pid_t pid);
int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec,
+ virDomainDefPtr sec,
const char *stdin_path);
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated);
int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec);
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def);
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd);
#endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index a68a6c0..c3bd426 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -47,104 +47,106 @@ static const char * virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATTRIBU
}
static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
const char *savefile ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
const char *savefile ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainReserveLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainReleaseLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED,
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
const char *stdin_path ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
int migrated ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainGetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED,
virSecurityLabelPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -156,7 +158,7 @@ static int virSecurityDomainVerifyNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED
}
static int virSecurityDomainSetFDLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED,
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED)
{
return 0;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 78c0d45..8b7c0ed 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -162,7 +162,7 @@ SELinuxInitialize(void)
static int
SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
int rc = -1;
char *mcs = NULL;
@@ -171,40 +171,40 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
int c2 = 0;
context_t ctx = NULL;
- if ((vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
- !vm->def->seclabel.baselabel &&
- vm->def->seclabel.model) {
+ if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
+ !def->seclabel.baselabel &&
+ def->seclabel.model) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security model already defined for VM"));
return rc;
}
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- vm->def->seclabel.label) {
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM"));
return rc;
}
- if (vm->def->seclabel.imagelabel) {
+ if (def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security image label already defined for VM"));
return rc;
}
- if (vm->def->seclabel.model &&
- STRNEQ(vm->def->seclabel.model, SECURITY_SELINUX_NAME)) {
+ if (def->seclabel.model &&
+ STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label model %s is not supported with selinux"),
- vm->def->seclabel.model);
+ def->seclabel.model);
return rc;
}
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
- if (!(ctx = context_new(vm->def->seclabel.label)) ) {
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
+ if (!(ctx = context_new(def->seclabel.label)) ) {
virReportSystemError(errno,
_("unable to allocate socket security context '%s'"),
- vm->def->seclabel.label);
+ def->seclabel.label);
return rc;
}
@@ -237,25 +237,25 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
}
} while (mcsAdd(mcs) == -1);
- vm->def->seclabel.label =
- SELinuxGenNewContext(vm->def->seclabel.baselabel ?
- vm->def->seclabel.baselabel :
+ def->seclabel.label =
+ SELinuxGenNewContext(def->seclabel.baselabel ?
+ def->seclabel.baselabel :
default_domain_context, mcs);
- if (! vm->def->seclabel.label) {
+ if (! def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
}
- vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
- if (!vm->def->seclabel.imagelabel) {
+ def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
+ if (!def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
- if (!vm->def->seclabel.model &&
- !(vm->def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
+ if (!def->seclabel.model &&
+ !(def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
virReportOOMError();
goto cleanup;
}
@@ -264,12 +264,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
cleanup:
if (rc != 0) {
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- !vm->def->seclabel.baselabel)
- VIR_FREE(vm->def->seclabel.model);
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
+ VIR_FREE(def->seclabel.label);
+ VIR_FREE(def->seclabel.imagelabel);
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabel.baselabel)
+ VIR_FREE(def->seclabel.model);
}
if (ctx)
@@ -278,28 +278,29 @@ cleanup:
VIR_FREE(mcs);
VIR_DEBUG("model=%s label=%s imagelabel=%s baselabel=%s",
- NULLSTR(vm->def->seclabel.model),
- NULLSTR(vm->def->seclabel.label),
- NULLSTR(vm->def->seclabel.imagelabel),
- NULLSTR(vm->def->seclabel.baselabel));
+ NULLSTR(def->seclabel.model),
+ NULLSTR(def->seclabel.label),
+ NULLSTR(def->seclabel.imagelabel),
+ NULLSTR(def->seclabel.baselabel));
return rc;
}
static int
SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def,
+ pid_t pid)
{
security_context_t pctx;
context_t ctx = NULL;
const char *mcs;
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
- if (getpidcon(vm->pid, &pctx) == -1) {
+ if (getpidcon(pid, &pctx) == -1) {
virReportSystemError(errno,
- _("unable to get PID %d security context"), vm->pid);
+ _("unable to get PID %d security context"), pid);
return -1;
}
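Review bot: `getpidcon(pid, &pctx)` in SELinuxReserveSecurityLabel now receives a pid that is passed separately from `def`, and nothing visible here or in the virSecurityManagerReserveLabel wrapper checks that it names a started process or documents that it must be the process belonging to this definition. Since the context read from that process appears to be what is reserved for the domain, a stale or mismatched pid would tie the definition to another process's label. I would reject non-positive values before the call, `if (pid <= 0)` with an error report and `return -1;`, and state the contract in a comment such as `/* pid: running process of def; its current context is read */`. The same applies to `getpidcon(pid, &ctx)` in SELinuxGetSecurityProcessLabel in the next hunk; both function bodies continue outside their hunks.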
@@ -360,15 +361,16 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNU
static int
SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid,
virSecurityLabelPtr sec)
{
security_context_t ctx;
- if (getpidcon(vm->pid, &ctx) == -1) {
+ if (getpidcon(pid, &ctx) == -1) {
virReportSystemError(errno,
_("unable to get PID %d security context"),
- vm->pid);
+ pid);
return -1;
}
@@ -543,11 +545,11 @@ err:
static int
SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk,
int migrated)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -588,10 +590,10 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- return SELinuxRestoreSecurityImageLabelInt(mgr, vm, disk, 0);
+ return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
}
@@ -626,11 +628,11 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
static int
SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
bool allowDiskFormatProbing = virSecurityManagerGetAllowDiskFormatProbing(mgr);
if (secdef->norelabel)
@@ -648,8 +650,8 @@ static int
SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
- virDomainObjPtr vm = opaque;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ virDomainDefPtr def = opaque;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel);
}
@@ -658,19 +660,19 @@ static int
SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
- virDomainObjPtr vm = opaque;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ virDomainDefPtr def = opaque;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel);
}
static int
SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int ret = -1;
if (secdef->norelabel)
@@ -687,7 +689,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def);
usbFreeDevice(usb);
break;
}
@@ -701,7 +703,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def);
pciFreeDevice(pci);
break;
@@ -735,11 +737,11 @@ SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int ret = -1;
if (secdef->norelabel)
@@ -788,11 +790,11 @@ done:
static int
-SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
+SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
char *in = NULL, *out = NULL;
int ret = -1;
@@ -834,11 +836,11 @@ done:
}
static int
-SELinuxRestoreSecurityChardevLabel(virDomainObjPtr vm,
+SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
char *in = NULL, *out = NULL;
int ret = -1;
@@ -882,27 +884,24 @@ done:
static int
-SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
-
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxRestoreSecurityChardevLabel(vm, &dev->source);
+ return SELinuxRestoreSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
const char *database;
switch (dev->type) {
@@ -916,7 +915,7 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
return SELinuxRestoreSecurityFileLabel(database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxRestoreSecurityChardevLabel(vm, &dev->data.passthru);
+ return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -931,50 +930,50 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int i;
int rc = 0;
- VIR_DEBUG("Restoring security label on %s", vm->def->name);
+ VIR_DEBUG("Restoring security label on %s", def->name);
if (secdef->norelabel)
return 0;
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxRestoreSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
rc = -1;
}
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
if (SELinuxRestoreSecurityImageLabelInt(mgr,
- vm,
- vm->def->disks[i],
+ def,
+ def->disks[i],
migrated) < 0)
rc = -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
false,
SELinuxRestoreSecurityChardevCallback,
- vm) < 0)
+ NULL) < 0)
rc = -1;
- if (virDomainSmartcardDefForeach(vm->def,
+ if (virDomainSmartcardDefForeach(def,
false,
SELinuxRestoreSecuritySmartcardCallback,
- vm) < 0)
+ NULL) < 0)
rc = -1;
- if (vm->def->os.kernel &&
- SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ if (def->os.kernel &&
+ SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1;
- if (vm->def->os.initrd &&
- SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ if (def->os.initrd &&
+ SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
return rc;
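Review bot: `mgr` and `migrated` are both marked `ATTRIBUTE_UNUSED` in the SELinuxRestoreSecurityAllLabel signature, yet the body passes `mgr` to SELinuxRestoreSecurityHostdevLabel and `migrated` to SELinuxRestoreSecurityImageLabelInt. Since the signature is being rewritten here anyway, the stale annotations could go: `SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,` and `int migrated)`. The attribute is harmless to the compiler, but it tells a reader that the `migrated` flag has no effect on how image labels are restored, which the loop over `def->disks` contradicts.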
@@ -982,9 +981,9 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if (secdef->label != NULL) {
@@ -1006,10 +1005,10 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -1020,10 +1019,10 @@ SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -1058,12 +1057,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1089,16 +1088,16 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
static int
SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
context_t execcon = NULL;
context_t proccon = NULL;
security_context_t scon = NULL;
int rc = -1;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1139,7 +1138,7 @@ SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
}
VIR_DEBUG("Setting VM %s socket context %s",
- vm->def->name, context_str(proccon));
+ def->name, context_str(proccon));
if (setsockcreatecon(context_str(proccon)) == -1) {
virReportSystemError(errno,
_("unable to set socket security context '%s'"),
@@ -1160,9 +1159,9 @@ done:
static int
SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &vm->seclabel;
int rc = -1;
if (secdef->label == NULL)
@@ -1178,7 +1177,7 @@ SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
}
VIR_DEBUG("Setting VM %s socket context %s",
- vm->def->name, secdef->label);
+ vm->name, secdef->label);
if (setsockcreatecon(secdef->label) == -1) {
virReportSystemError(errno,
_("unable to set socket security context '%s'"),
@@ -1197,12 +1196,12 @@ done:
static int
SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1227,27 +1226,24 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
static int
-SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
-
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxSetSecurityChardevLabel(vm, &dev->source);
+ return SELinuxSetSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
const char *database;
switch (dev->type) {
@@ -1261,7 +1257,7 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
return SELinuxSetFilecon(database, default_content_context);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxSetSecurityChardevLabel(vm, &dev->data.passthru);
+ return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1276,53 +1272,53 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *stdin_path)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int i;
if (secdef->norelabel)
return 0;
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
- if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) {
+ if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) {
VIR_WARN("Unable to relabel directory tree %s for disk %s",
- vm->def->disks[i]->src, vm->def->disks[i]->dst);
+ def->disks[i]->src, def->disks[i]->dst);
continue;
}
if (SELinuxSetSecurityImageLabel(mgr,
- vm, vm->def->disks[i]) < 0)
+ def, def->disks[i]) < 0)
return -1;
}
- /* XXX fixme process vm->def->fss if relabel == true */
+ /* XXX fixme process def->fss if relabel == true */
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxSetSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
return -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
true,
SELinuxSetSecurityChardevCallback,
- vm) < 0)
+ NULL) < 0)
return -1;
- if (virDomainSmartcardDefForeach(vm->def,
+ if (virDomainSmartcardDefForeach(def,
true,
SELinuxSetSecuritySmartcardCallback,
- vm) < 0)
+ NULL) < 0)
return -1;
- if (vm->def->os.kernel &&
- SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
+ if (def->os.kernel &&
+ SELinuxSetFilecon(def->os.kernel, default_content_context) < 0)
return -1;
- if (vm->def->os.initrd &&
- SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
+ if (def->os.initrd &&
+ SELinuxSetFilecon(def->os.initrd, default_content_context) < 0)
return -1;
if (stdin_path) {
@@ -1337,10 +1333,10 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->imagelabel == NULL)
return 0;
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 3f601c1..c82865f 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -106,7 +106,7 @@ virSecurityStackVerify(virSecurityManagerPtr mgr,
static int
virSecurityStackGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -131,7 +131,7 @@ virSecurityStackGenLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -150,16 +150,17 @@ virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm,
+ pid_t pid)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
- if (virSecurityManagerReserveLabel(priv->primary, vm) < 0)
+ if (virSecurityManagerReserveLabel(priv->primary, vm, pid) < 0)
rc = -1;
#if 0
/* XXX See note in GenLabel */
- if (virSecurityManagerReserveLabel(priv->secondary, vm) < 0)
+ if (virSecurityManagerReserveLabel(priv->secondary, vm, pid) < 0)
rc = -1;
#endif
@@ -169,7 +170,7 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -186,7 +187,7 @@ virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -203,7 +204,7 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -221,7 +222,7 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -238,7 +239,7 @@ virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *stdin_path)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -255,7 +256,7 @@ virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int migrated)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -272,7 +273,7 @@ virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -289,7 +290,7 @@ virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -306,7 +307,7 @@ virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -321,17 +322,18 @@ virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
+ pid_t pid,
virSecurityLabelPtr seclabel)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
#if 0
- if (virSecurityManagerGetProcessLabel(priv->secondary, vm, seclabel) < 0)
+ if (virSecurityManagerGetProcessLabel(priv->secondary, vm, pid, seclabel) < 0)
rc = -1;
#endif
- if (virSecurityManagerGetProcessLabel(priv->primary, vm, seclabel) < 0)
+ if (virSecurityManagerGetProcessLabel(priv->primary, vm, pid, seclabel) < 0)
rc = -1;
return rc;
@@ -340,7 +342,7 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -356,7 +358,7 @@ virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -372,7 +374,7 @@ virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -387,7 +389,7 @@ virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int fd)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
--
1.7.6.4