[libvirt] [PATCH V4] enhance hostdev mode 'capabilities' process
by Jincheng Miao
Currently, only LXC has hostdev mode 'capabilities' support,
so the other drivers should forbid to define it in XML.
The hostdev mode check is added to devicesPostParseCallback()
for each hypervisor driver.
But some drivers lack a devicesPostParseCallback(),
so the check is only added for qemu, libxl, openvz, uml, xen and xenapi.
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
src/libxl/libxl_domain.c | 9 +++++++++
src/openvz/openvz_driver.c | 10 ++++++++++
src/qemu/qemu_domain.c | 10 ++++++++++
src/uml/uml_driver.c | 10 ++++++++++
src/xen/xen_driver.c | 10 ++++++++++
src/xenapi/xenapi_driver.c | 10 ++++++++++
6 files changed, 59 insertions(+), 0 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 73242ac..3bcbd3d 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -485,6 +485,15 @@ libxlDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
virDomainHostdevDefPtr hostdev = dev->data.hostdev;
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ return -1;
+ }
+
if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI &&
hostdev->source.subsys.u.pci.backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT)
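Review bot: The error string on lines 28-29 says "mode" twice ("hostdev mode 'capabilities' mode is not supported"), and the same text is copied verbatim into the openvz, qemu, uml, xen and xenapi hunks, so `_("hostdev mode 'capabilities' is not supported in %s")` should be corrected in all six places. Beyond wording, the check itself is duplicated six times across per-driver post-parse callbacks, and the description concedes that drivers without such a callback stay unchecked, so a definition using this mode is still accepted there; a single rejection in the common device post-parse path, with LXC opting in, would close that gap and remove the copies. libxlDomainDeviceDefPostParse continues past the end of the hunk.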
diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
index 4c815ed..5019e62 100644
--- a/src/openvz/openvz_driver.c
+++ b/src/openvz/openvz_driver.c
@@ -113,6 +113,16 @@ openvzDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
dev->data.chr->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE)
dev->data.chr->targetType = VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_OPENVZ;
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ return -1;
+ }
+
return 0;
}
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2e55c99..339b35d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -940,6 +940,16 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
dev->data.chr->source.data.nix.listen = true;
}
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ goto cleanup;
+ }
+
ret = 0;
cleanup:
diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index 5ccd443..7397689 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -430,6 +430,16 @@ umlDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
dev->data.chr->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE)
dev->data.chr->targetType = VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_UML;
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ return -1;
+ }
+
return 0;
}
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index bd51909..e938abc 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -343,6 +343,16 @@ xenDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
STRNEQ(def->os.type, "hvm"))
dev->data.chr->targetType = VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_XEN;
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ return -1;
+ }
+
return 0;
}
diff --git a/src/xenapi/xenapi_driver.c b/src/xenapi/xenapi_driver.c
index 908448b..0113de8 100644
--- a/src/xenapi/xenapi_driver.c
+++ b/src/xenapi/xenapi_driver.c
@@ -55,6 +55,16 @@ xenapiDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
STRNEQ(def->os.type, "hvm"))
dev->data.chr->targetType = VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_XEN;
+ /* forbid capabilities mode hostdev in this kind of hypervisor */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("hostdev mode 'capabilities' mode is not "
+ "supported in %s"),
+ virDomainVirtTypeToString(def->virtType));
+ return -1;
+ }
+
return 0;
}
--
1.7.1
[libvirt] [PATCH] Fix compiler warning while un-wraping python object to uint in libvirt_virNodeGetFreePages
by Nehal J Wani
Introduced by commit c8ba859bc78f5e3b0ed2590f4e8a7fa6c26ac08f
On compiling libvirt-python against libvirt 1.2.6, we get:
libvirt-override.c: In function ‘libvirt_virNodeGetFreePages’:
libvirt-override.c:7811:9: warning: pointer targets in passing argument 2 of ‘libvirt_intUnwrap’ differ in signedness [-Wpointer-sign]
if (libvirt_intUnwrap(tmp, &pages[i]) < 0)
^
In file included from libvirt-override.c:24:0:
typewrappers.h:169:5: note: expected ‘int *’ but argument is of type ‘unsigned int *’
int libvirt_intUnwrap(PyObject *obj, int *val);
^
---
libvirt-override.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt-override.c b/libvirt-override.c
index 04fb4cd..40aefcc 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -7808,7 +7808,7 @@ libvirt_virNodeGetFreePages(PyObject *self ATTRIBUTE_UNUSED,
for (i = 0; i < pyobj_pagesize_size; i++) {
PyObject *tmp = PyList_GetItem(pyobj_pagesize, i);
- if (libvirt_intUnwrap(tmp, &pages[i]) < 0)
+ if (libvirt_uintUnwrap(tmp, &pages[i]) < 0)
goto cleanup;
}
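Review bot: Switching to libvirt_uintUnwrap on line 158 fixes the signedness mismatch but presumably also changes what a negative Python value does, from being stored into pages[i] with its bits reinterpreted to being rejected, if libvirt_uintUnwrap range-checks as its name suggests; that behavioural change deserves a sentence in the commit message, which currently only mentions the warning. libvirt_virNodeGetFreePages begins and ends outside the hunk.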
--
1.9.3
[libvirt] [PATCHv2 0/3] LXC drop/keep capabilities feature
by Cédric Bosdonnat
Changes since the previous version are:
* add 'b *:* m' and 'c *:* m' to the device white list if CAP_MKNOD
is requested, instead of setting 'a *:* rwm'.
* Add a policy='default|allow|deny' for the features/capabilities
element.
Cédric Bosdonnat (3):
lxc: allow to keep or drop capabilities
lxc domain from xml: convert lxc.cap.drop
lxc: update doc to mention features/capabilities/* domain
configuration
docs/drvlxc.html.in | 47 +++++
docs/schemas/domaincommon.rng | 207 +++++++++++++++++++++
src/conf/domain_conf.c | 126 ++++++++++++-
src/conf/domain_conf.h | 56 ++++++
src/libvirt_private.syms | 3 +
src/lxc/lxc_cgroup.c | 8 +
src/lxc/lxc_container.c | 123 ++++++++++--
src/lxc/lxc_native.c | 25 +++
src/util/vircgroup.c | 74 +++++++-
src/util/vircgroup.h | 2 +
tests/domainschemadata/domain-caps-features.xml | 28 +++
tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 2 +
.../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +
tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 +
22 files changed, 710 insertions(+), 25 deletions(-)
create mode 100644 tests/domainschemadata/domain-caps-features.xml
--
1.8.4.5
[libvirt] [PATCH 0/8] storage_scsi: Stable SCSI host addressing
by John Ferlan
Just over a year ago, Osier Yang submitted some patches to provide stable
SCSI host addressing support:
http://www.redhat.com/archives/libvir-list/2013-June/msg00396.html
Although reviewed - none of the patches were ever pushed and Osier never
got back to the work. I eventually inherited the changes and now after
languishing in the todo list - I took the time to rework things. There
is a bz associated:
https://bugzilla.redhat.com/show_bug.cgi?id=963817
Prior to leaving Red Hat, Osier and I spent some time revisiting the patch
series and hashing out new/different ideas to come up with the same answer.
My focus was to avoid the "generic recursive directory search" (patch 3),
to not require having to know whether the scsi_host was using udev or hal,
and to simplify as much as possible using existing data/information.
The generic directory search I believe was less generic than intended and
over complicated things. The old patches essentially used the output of
a 'virsh nodedev-list scsi_host' and then selecting a resulting entry ran
a 'virsh nodedev-dumpxml' to grab/use the resulting <parent> value. Taking
that value and optionally adding a unique_id value was the basis for the
design that would generate a PCI address (either in udev or hal format) and
recursively search through /sys/devices looking for a matching address in
either udev or hal format.
These patches replace the bulk of the directory traversal logic with a
more direct (and already in use) approach to scan the /sys/class/scsi_host
directories looking for a matching PCI address found in the symlink of
the files in the directory.
The changed logic will add a new XML element 'parentaddr' to describe the
scsi_host by its PCI address. Additionally, the 'unique_id' has become a
required attribute. The code reuses the virDevicePCIAddressParseXML() in
order to parse the required 'address' element. The 'address' will be in the
expected PCI Address format like other described host devices.
In order to help view the required unique_id value, the nodedev-dumpxml
output has been adjusted to provide the <unique_id> value. This value will
be an optional value on input.
The documentation is updated to describe how to generate the address from
the nodedev-dumpxml output.
The new scsihosttest creates the expected PCI infrastructure on the fly
since adding files with colons (':') is prohibited. There are multiple
directories and hosts within each to ensure the search logic worked as
expected.
Reviewer notes:
Patch 1 is new - it's just forcing the specific adapter.type checking
Patches 2 & 3 are the former patches 1 & 2 with some edits to adjust
for new XML syntax (and changed associated structure)
Patch 4 is new - it's just utilizing the 'LINUX_SYSFS_SCSI_HOST_PREFIX'
definition rather than using the hardcoded value
Patches 5 & 6 are new. They handle the optional unique_id value (including
using the new virNodeDevCapsDefParseIntOptional())
Patch 7 is similar to the former patch 5 insomuch as it's where the comparison
of the PCI directory path and unique_id file is made.
Patch 8 is similar to the former patch 7 insomuch as it's where the link
is made between the scsi_host host# and the loading/refreshing of the
scsi_host adapter.
Former patches 3, 4, 6, and 8-11 are no longer used
Please check my XML schema (patch 3) - I think I figured out the right
syntax to use regarding using either "<name>" or "<parentaddr>" where
"<parentaddr>" is an element. The syntax passes the make check, but
it's not an area of expertise for me. Using parentaddr was preferred
over overloading the parent attribute.
John Ferlan (6):
getAdapterName: check for SCSI_HOST
scsi_backend: Use existing LINUX_SYSFS_SCSI_HOST_PREFIX definition
virutil: Introduce virReadSCSIUniqueId
Add unique_id to nodedev output
scsi_host: Introduce virFindSCSIHostByPCI
getAdapterName: Lookup stable scsi_host
Osier Yang (2):
virStoragePoolSourceAdapter: Refine the SCSI_HOST adapter name
storage: Introduce parentaddr into virStoragePoolSourceAdapter
docs/formatnode.html.in | 11 +
docs/formatstorage.html.in | 130 +++++++--
docs/schemas/basictypes.rng | 24 +-
docs/schemas/nodedev.rng | 6 +
src/conf/node_device_conf.c | 23 +-
src/conf/node_device_conf.h | 1 +
src/conf/storage_conf.c | 111 +++++++-
src/conf/storage_conf.h | 8 +-
src/libvirt_private.syms | 2 +
src/node_device/node_device_linux_sysfs.c | 6 +
src/phyp/phyp_driver.c | 8 +-
src/storage/storage_backend_scsi.c | 53 +++-
src/test/test_driver.c | 5 +-
src/util/virutil.c | 154 +++++++++++
src/util/virutil.h | 8 +
tests/Makefile.am | 7 +
.../pci_8086_27c5_scsi_host_0_unique_id.xml | 8 +
tests/nodedevxml2xmltest.c | 1 +
tests/scsihosttest.c | 308 +++++++++++++++++++++
.../pool-scsi-type-scsi-host-stable.xml | 19 ++
.../pool-scsi-type-scsi-host-stable.xml | 22 ++
tests/storagepoolxml2xmltest.c | 1 +
22 files changed, 855 insertions(+), 61 deletions(-)
create mode 100644 tests/nodedevschemadata/pci_8086_27c5_scsi_host_0_unique_id.xml
create mode 100644 tests/scsihosttest.c
create mode 100644 tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host-stable.xml
create mode 100644 tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host-stable.xml
--
1.9.3
[libvirt] [PATCH] QEMU: Fix virtio-serial device support on PPC.
by Olivia Yin
Patch fd0f22ed414e114664f4140306834bedd19f52c9 discarded virtio-serial
device support on PPC machines.
Most PPC boards don't use -chardev with non-virtio serial device
except pseries which uses -device spapr-vty with -chardev.
Signed-off-by: Olivia Yin <Hong-Hua.Yin(a)freescale.com>
---
src/qemu/qemu_capabilities.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 8e0a550..4541f52 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3493,19 +3493,18 @@ virQEMUCapsSupportsChardev(virDomainDefPtr def,
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
return false;
- if ((def->os.arch == VIR_ARCH_PPC) || (def->os.arch == VIR_ARCH_PPC64)) {
- /* only pseries need -device spapr-vty with -chardev */
- return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
- chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO);
- }
-
- if ((def->os.arch != VIR_ARCH_ARMV7L) && (def->os.arch != VIR_ARCH_AARCH64))
+ if ((def->os.arch != VIR_ARCH_ARMV7L) && (def->os.arch != VIR_ARCH_AARCH64) &&
+ (def->os.arch != VIR_ARCH_PPC) && (def->os.arch != VIR_ARCH_PPC64))
return true;
/* This may not be true for all ARM machine types, but at least
* the only supported non-virtio serial devices of vexpress and versatile
* don't have the -chardev property wired up. */
+ /* Currently PPC boards don't use -chardev for non-virtio serial device
+ * except pseries which uses -device spapr-vty with -chardev. */
return (chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_MMIO ||
(chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
- chr->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_VIRTIO));
+ chr->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_VIRTIO) ||
+ (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
+ chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO));
}
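Review bot: Folding PPC into the ARM branch widens what the function accepts on PPC beyond what the commit message describes: the removed PPC branch returned true only for a serial device with a SPAPRVIO address, while the merged return on lines 335-340 now also returns true on PPC for a VIRTIO_MMIO address or a virtio console target. Restoring the virtio console case is presumably the intent, but the VIRTIO_MMIO case should be confirmed as harmless on PPC or excluded explicitly. The two stacked comments on lines 330-334 now describe a single condition and would read better merged into one comment listing the ARM and PPC cases. virQEMUCapsSupportsChardev begins before the hunk.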
--
1.8.5
[libvirt] [PATCH 0/3] add binding guest numa nodes to host numa nodes support
by Chen Fan
Since qemu has supported numa option -memdev config:
-object memory-backend-ram,size=1024M,policy=membind,host-nodes=0,id=ram-node0 \
-numa node,nodeid=0,cpus=0,memdev=ram-node0 \
for binding guest numa nodes to host numa nodes.
So we introduce this capability in libvirt by configuring the
domain XML like:
...
<cpu>
<numa>
<cell cpus='0-1' memdev='ram0'/>
</numa>
</cpu>
...
<devices>
<memdev type='ram' merge='yes' dump='yes' prealloc='yes'>
<name>ram0</name>
<capacity unit='MiB'>1000</capacity>
<source host-nodes='0-1' policy='bind' />
</memdev>
</devices>
Chen Fan (3):
numa: add '-numa memdev=' support
conf: add memdev device in <devices> XML
tests: add numa -memdev testing and docs support
docs/formatdomain.html.in | 71 ++++++-
docs/schemas/domaincommon.rng | 76 +++++++-
src/conf/cpu_conf.c | 73 ++++++--
src/conf/cpu_conf.h | 13 +-
src/conf/domain_conf.c | 203 ++++++++++++++++++++-
src/conf/domain_conf.h | 42 +++++
src/libvirt_private.syms | 4 +
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 2 +
src/qemu/qemu_command.c | 84 ++++++++-
src/qemu/qemu_command.h | 4 +
src/qemu/qemu_hotplug.c | 1 +
tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.args | 9 +
tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml | 35 ++++
tests/qemuxml2argvdata/qemuxml2argv-cpu-numa4.args | 10 +
tests/qemuxml2argvdata/qemuxml2argv-cpu-numa4.xml | 35 ++++
tests/qemuxml2argvtest.c | 2 +
17 files changed, 644 insertions(+), 24 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa4.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa4.xml
--
1.9.3
[libvirt] [libvirt-glib] [PATCH 0/2] Add API to fetch the snapshots of a GVirDomain
by Timm Bäder
The following two patches add gvir_domain_fetch_snapshots which uses
virDomainListAllSnapshots to fetch snapshots from the virDomain
(using the given GVirDomainSnapshotListFlags) and
gvir_domain_get_snapshots which returns a GList containing all of
the snapshots last fetched.
Timm Bäder (2):
libvirt-gobject-domain: Add _fetch_snapshots
libvirt-gobject-domain: Add _get_snapshots
libvirt-gobject/libvirt-gobject-domain.c | 80 ++++++++++++++++++++++++++++++++
libvirt-gobject/libvirt-gobject-domain.h | 40 ++++++++++++++++
libvirt-gobject/libvirt-gobject.sym | 3 ++
3 files changed, 123 insertions(+)
--
2.0.0
[libvirt] [PATCH] libxl: prefer qdisk for <driver name='file'>
by Jim Fehlig
The libxl driver currently sets the disk backend to
LIBXL_DISK_BACKEND_TAP when <driver name='file'> is specified
in the <disk> config. qdisk should be preferred with this
configuration, otherwise existing configuration such as the
following, which worked with the old Xen driver, will not work
with the libxl driver
<disk type='file' device='cdrom'>
<driver name='file'/>
<source file='/path/to/some/iso'/>
<target dev='hdc' bus='ide'/>
<readonly/>
</disk>
In addition, tap performs poorly compared to qdisk.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/libxl/libxl_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index fdbb522..4b6b5c0 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -796,7 +796,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk)
return -1;
}
x_disk->format = LIBXL_DISK_FORMAT_RAW;
- x_disk->backend = LIBXL_DISK_BACKEND_TAP;
+ x_disk->backend = LIBXL_DISK_BACKEND_QDISK;
} else if (STREQ(driver, "phy")) {
if (format != VIR_STORAGE_FILE_NONE &&
format != VIR_STORAGE_FILE_RAW) {
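Review bot: The switch to LIBXL_DISK_BACKEND_QDISK on line 441 changes the backend for every existing <driver name='file'/> guest, and nothing in the code records why tap was dropped; a short comment above the assignment would keep the rationale from the commit message next to the code, e.g. `/* qdisk is preferred over tap for <driver name='file'/>: it keeps configs from the old Xen driver working and tap performs poorly */`. libxlMakeDisk begins and ends outside the hunk.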
--
1.8.4.5
[libvirt] [PATCH v4] Only set SELinux seclabel if supported by the host.
by Cédric Bosdonnat
This code depends on new API in libvirt-gconfig to extract the
secmodels handled by the host.
---
Diff to v3:
* Added yet another missing g_object_unref.
* Fixed the logic for supportsSelinux
libvirt-sandbox/libvirt-sandbox-builder.c | 49 +++++++++++++++++++++++++++----
1 file changed, 43 insertions(+), 6 deletions(-)
diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c
index 48b3acc..d6b5735 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder.c
@@ -322,12 +322,10 @@ static gboolean gvir_sandbox_builder_construct_devices(GVirSandboxBuilder *build
return TRUE;
}
-
-static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *builder G_GNUC_UNUSED,
- GVirSandboxConfig *config G_GNUC_UNUSED,
- const gchar *statedir G_GNUC_UNUSED,
- GVirConfigDomain *domain,
- GError **error G_GNUC_UNUSED)
+static gboolean gvir_sandbox_builder_construct_security_selinux (GVirSandboxBuilder *builder,
+ GVirSandboxConfig *config,
+ GVirConfigDomain *domain,
+ GError **error)
{
GVirConfigDomainSeclabel *sec = gvir_config_domain_seclabel_new();
const char *label = gvir_sandbox_config_get_security_label(config);
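Review bot: The new signature on line 471 puts a space between the function name and its opening parenthesis, which differs from the other definitions visible in this file (lines 481 and 520); `static gboolean gvir_sandbox_builder_construct_security_selinux(GVirSandboxBuilder *builder,` matches the surrounding style. The G_GNUC_UNUSED annotations were dropped from builder and config; config is used on line 477, but the body of the renamed function continues past the hunk, so it is worth confirming that builder is actually referenced there, otherwise -Wunused-parameter builds will warn.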
@@ -360,6 +358,45 @@ static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *buil
return TRUE;
}
+static gboolean gvir_sandbox_builder_construct_security(GVirSandboxBuilder *builder,
+ GVirSandboxConfig *config,
+ const gchar *statedir G_GNUC_UNUSED,
+ GVirConfigDomain *domain,
+ GError **error)
+{
+ GVirConnection *connection = gvir_sandbox_builder_get_connection(builder);
+ GVirConfigCapabilities *configCapabilities;
+ GVirConfigCapabilitiesHost *hostCapabilities;
+ GList *secmodels, *iter;
+ gboolean supportsSelinux = FALSE;
+
+ /* What security models are available on the host? */
+ if (!(configCapabilities = gvir_connection_get_capabilities(connection, error))) {
+ return FALSE;
+ }
+
+ hostCapabilities = gvir_config_capabilities_get_host(configCapabilities);
+
+ secmodels = gvir_config_capabilities_host_get_secmodels(hostCapabilities);
+ for (iter = secmodels; iter != NULL; iter = iter->next) {
+ if (g_str_equal(gvir_config_capabilities_host_secmodel_get_model(
+ GVIR_CONFIG_CAPABILITIES_HOST_SECMODEL(iter->data)), "selinux"))
+ supportsSelinux = TRUE;
+ g_object_unref(iter->data);
+ }
+
+ g_list_free(secmodels);
+ g_object_unref(hostCapabilities);
+ g_object_unref(configCapabilities);
+ g_object_unref(connection);
+
+ if (supportsSelinux)
+ return gvir_sandbox_builder_construct_security_selinux(builder, config,
+ domain, error);
+
+ return TRUE;
+}
+
static gboolean gvir_sandbox_builder_clean_post_start_default(GVirSandboxBuilder *builder G_GNUC_UNUSED,
GVirSandboxConfig *config G_GNUC_UNUSED,
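Review bot: The early return on lines 494-496 leaks the reference obtained from gvir_sandbox_builder_get_connection on line 487: the success path releases it on line 511, but the failure path returns before reaching it, so the block should read `if (!(configCapabilities = gvir_connection_get_capabilities(connection, error))) {` / `g_object_unref(connection);` / `return FALSE;`. When no "selinux" secmodel is found the function silently returns TRUE and the domain is built without any seclabel, so a sandbox the caller expected to be confined runs unconfined with no trace in the logs; a g_debug line, or at least a comment such as `/* No SELinux on the host: the domain gets no seclabel and runs unconfined */`, would make that visible. Whether gvir_config_capabilities_get_host can return NULL is not visible here; if it can, hostCapabilities should be checked before the call on line 500.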
--
1.8.4.5