Re: [libvirt] [PATCH v7 2/2] bhyve: add ACL support

--- src/Makefile.am | 5 ++-- src/bhyve/bhyve_driver.c | 63 ++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 61 insertions(+), 7 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 3567d13..d0aa18d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1330,8 +1330,9 @@ noinst_LTLIBRARIES += libvirt_driver_bhyve.la endif ! WITH_DRIVER_MODULES libvirt_driver_bhyve_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/conf \ - $(AM_CFLAGS) + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES) endif WITH_BHYVE diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c index e8e082b..2d2e54e 100644 --- a/src/bhyve/bhyve_driver.c +++ b/src/bhyve/bhyve_driver.c @@ -47,6 +47,7 @@ #include "virrandom.h" #include "virstring.h" #include "cpu/cpu.h" +#include "viraccessapicheck.h" #include "bhyve_driver.h" #include "bhyve_process.h" @@ -101,6 +102,9 @@ bhyveConnectGetCapabilities(virConnectPtr conn) bhyveConnPtr privconn = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + bhyveDriverLock(privconn); if ((xml = virCapabilitiesFormatXML(privconn->caps)) == NULL) virReportOOMError(); @@ -157,6 +161,9 @@ bhyveConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + conn->privateData = bhyve_driver; return VIR_DRV_OPEN_SUCCESS; @@ -173,6 +180,9 @@ bhyveConnectClose(virConnectPtr conn) static char * bhyveConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -181,6 +191,9 @@ bhyveConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long *versi { struct utsname ver; + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + uname(&ver); if (virParseVersionString(ver.release, version, true) < 0) { @@ -201,6 +214,9 @@ bhyveDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info) if (!(vm = bhyveDomObjFromDomain(domain))) goto cleanup; + if (virDomainGetInfoEnsureACL(domain->conn, vm->def) < 0) + goto cleanup; + info->state = virDomainObjGetState(vm, NULL); info->maxMem = vm->def->mem.max_balloon; info->nrVirtCpu = vm->def->vcpus; @@ -226,6 +242,9 @@ bhyveDomainGetState(virDomainPtr domain, if (!(vm = bhyveDomObjFromDomain(domain))) goto cleanup; + if (virDomainGetStateEnsureACL(domain->conn, vm->def) < 0) + goto cleanup; + *state = virDomainObjGetState(vm, reason); ret = 0; @@ -244,6 +263,9 @@ bhyveDomainGetXMLDesc(virDomainPtr domain, unsigned int flags) if (!(vm = bhyveDomObjFromDomain(domain))) goto cleanup; + if (virDomainGetXMLDescEnsureACL(domain->conn, vm->def, flags) < 0) + goto cleanup; + ret = virDomainDefFormat(vm->def, flags); cleanup: @@ -269,6 +291,9 @@ bhyveDomainDefineXML(virConnectPtr conn, const char *xml) goto cleanup; } + if (virDomainDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (!(vm = virDomainObjListAdd(privconn->domains, def, privconn->xmlopt, 0, &oldDef))) @@ -296,8 +321,11 @@ bhyveConnectListDomains(virConnectPtr conn, int *ids, int maxids) bhyveConnPtr privconn = conn->privateData; int n; + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + n = virDomainObjListGetActiveIDs(privconn->domains, ids, maxids, - NULL, NULL); + virConnectListDomainsCheckACL, conn); return n; } @@ -308,8 +336,11 @@ bhyveConnectNumOfDomains(virConnectPtr conn) bhyveConnPtr privconn = conn->privateData; int count; + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->domains, true, - NULL, NULL); + virConnectNumOfDomainsCheckACL, conn); return count; } @@ -321,9 +352,12 @@ bhyveConnectListDefinedDomains(virConnectPtr conn, char **const names, bhyveConnPtr privconn = conn->privateData; int n; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + memset(names, 0, sizeof(*names) * maxnames); n = virDomainObjListGetInactiveNames(privconn->domains, names, - maxnames, NULL, NULL); + maxnames, virConnectListDefinedDomainsCheckACL, conn); return n; } @@ -334,8 +368,11 @@ bhyveConnectNumOfDefinedDomains(virConnectPtr conn) bhyveConnPtr privconn = conn->privateData; int count; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->domains, false, - NULL, NULL); + virConnectNumOfDefinedDomainsCheckACL, conn); return count; } @@ -350,8 +387,11 @@ bhyveConnectListAllDomains(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); + if (virConnectListAllDomainsEnsureACL(conn) < 0) + return -1; + ret = virDomainObjListExport(privconn->domains, conn, domains, - NULL, flags); + virConnectListAllDomainsCheckACL, flags); return ret; } @@ -374,6 +414,9 @@ bhyveDomainLookupByUUID(virConnectPtr conn, goto cleanup; } + if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -398,6 +441,10 @@ static virDomainPtr bhyveDomainLookupByName(virConnectPtr conn, _("no domain with matching name '%s'"), name); goto cleanup; } + + if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -418,6 +465,9 @@ bhyveDomainCreate(virDomainPtr dom) if (!(vm = bhyveDomObjFromDomain(dom))) goto cleanup; + if (virDomainCreateEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is already running")); @@ -443,6 +493,9 @@ bhyveDomainDestroy(virDomainPtr dom) if (!(vm = bhyveDomObjFromDomain(dom))) goto cleanup; + if (virDomainDestroyEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + ret = virBhyveProcessStop(privconn, vm, VIR_DOMAIN_SHUTOFF_DESTROYED); cleanup: