The XML allows <encryption format='unencrypted'/>; this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.
A domain with partial encryption information can be defined;
the completeness of the information is not verified. The domain won't
start until the remaining information is added, of course.
---
docs/formatdomain.html | 6 ++++++
docs/formatdomain.html.in | 8 ++++++++
docs/schemas/domain.rng | 5 +++++
src/domain_conf.c | 14 ++++++++++++++
src/domain_conf.h | 2 ++
5 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/docs/formatdomain.html b/docs/formatdomain.html
index efba65a..3368ad5 100644
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@@ -453,6 +453,9 @@
<driver name="tap" type="aio">
<source file='/var/lib/xen/images/fv0'/>
<target dev='hda' bus='ide'/>
+ <encryption type='...'>
+ ...
+ </encryption>
</disk>
...</pre>
<dl><dt><code>disk</code></dt><dd>The
<code>disk</code> element is the main container for describing
@@ -478,6 +481,9 @@
<code>driver</code> element allows them to be selected. The
<code>name</code>
attribute is the primary backend driver name, while the optional
<code>type</code>
attribute provides the sub-type. <span class="since">Since
0.1.8</span>
+ </dd><dt><code>encryption</code></dt><dd>If
present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
</dd></dl>
<h4>
<a name="elementsUSB" id="elementsUSB">USB and PCI
devices</a>
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index eb12784..211f7ed 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -338,6 +338,9 @@
<driver name="tap" type="aio">
<source file='/var/lib/xen/images/fv0'/>
<target dev='hda' bus='ide'/>
+ <encryption type='...'>
+ ...
+ </encryption>
</disk>
...</pre>
@@ -373,6 +376,11 @@
attribute is the primary backend driver name, while the optional
<code>type</code>
attribute provides the sub-type. <span class="since">Since
0.1.8</span>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>If present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage
Encryption</a> page
+ for more information.
+ </dd>
</dl>
<h4><a name="elementsUSB">USB and PCI
devices</a></h4>
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index f857301..df31f4a 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -4,6 +4,8 @@
<start>
<ref name="domain"/>
</start>
+
+ <include href='storageencryption.rng'/>
<!--
We handle only document defining a domain
-->
@@ -336,6 +338,9 @@
<empty/>
</element>
</optional>
+ <optional>
+ <ref name="encryption"/>
+ </optional>
</define>
<!--
A disk description can be either of type file or block
diff --git a/src/domain_conf.c b/src/domain_conf.c
index 1d2cc7c..46acf5e 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -288,6 +288,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
VIR_FREE(def->dst);
VIR_FREE(def->driverName);
VIR_FREE(def->driverType);
+ virStorageEncryptionFree(def->encryption);
VIR_FREE(def);
}
@@ -661,6 +662,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
char *bus = NULL;
char *cachetag = NULL;
char *devaddr = NULL;
+ virStorageEncryptionPtr encryption = NULL;
if (VIR_ALLOC(def) < 0) {
virReportOOMError(conn);
@@ -718,6 +720,12 @@ virDomainDiskDefParseXML(virConnectPtr conn,
} else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) &&
xmlStrEqual(cur->name, BAD_CAST "state")) {
devaddr = virXMLPropString(cur, "devaddr");
+ } else if (encryption == NULL &&
+ xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+ encryption = virStorageEncryptionParseNode(conn, node->doc,
+ cur);
+ if (encryption == NULL)
+ goto error;
}
}
cur = cur->next;
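Review bot: The new `encryption` branch treats every NULL return from `virStorageEncryptionParseNode()` as a failure, so the canonicalization the description promises for `<encryption format='unencrypted'/>` cannot happen here: either the parser returns a non-NULL object for that element and `def->encryption` ends up set for an unencrypted disk, or it returns NULL and valid XML is rejected. The parser is not part of this patch, so which of the two happens should be confirmed, because any caller that tests `def->encryption != NULL` to decide whether a disk needs a key depends on it. Separately, the `encryption == NULL &&` guard lets a second `<encryption>` child fall through silently, and for a security setting it would be safer to report an error on a duplicate than to keep the first one. Once the parser's behaviour is confirmed, I would add `/* NULL from the parser is always an error; an unencrypted element must never reach def->encryption */` above the call. The body of virDomainDiskDefParseXML starts and ends outside the hunk.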
@@ -836,6 +844,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
driverName = NULL;
def->driverType = driverType;
driverType = NULL;
+ def->encryption = encryption;
+ encryption = NULL;
cleanup:
VIR_FREE(bus);
@@ -847,6 +857,7 @@ cleanup:
VIR_FREE(driverName);
VIR_FREE(cachetag);
VIR_FREE(devaddr);
+ virStorageEncryptionFree(encryption);
return def;
@@ -3519,6 +3530,9 @@ virDomainDiskDefFormat(virConnectPtr conn,
virBufferAddLit(buf, " <readonly/>\n");
if (def->shared)
virBufferAddLit(buf, " <shareable/>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS) {
virBufferAddLit(buf, " <state");
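Review bot: The `<encryption>` element is written for every caller regardless of `flags`, so what `virStorageEncryptionFormat()` emits decides whether an ordinary XML dump can expose key material. Its output is not visible in this patch; if it only writes references to secrets, a comment above the call such as `/* encryption XML holds secret references only, no key material */` would record that. If it can write the key itself, that part should be emitted only when `flags & VIR_DOMAIN_XML_SECURE` is set, which means passing `flags` down to the formatter. virDomainDiskDefFormat starts and ends outside the hunk.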
diff --git a/src/domain_conf.h b/src/domain_conf.h
index 44302be..e422f6f 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -30,6 +30,7 @@
#include "internal.h"
#include "capabilities.h"
+#include "storage_encryption.h"
#include "util.h"
#include "threads.h"
@@ -117,6 +118,7 @@ struct _virDomainDiskDef {
unsigned bus;
unsigned slot;
} pci_addr;
+ virStorageEncryptionPtr encryption;
};
static inline int
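Review bot: The new `encryption` member has no comment, and the invariant it carries is stated only in the commit description. Something like `/* NULL iff no encryption information is available; may be incomplete, so check before use */` next to `virStorageEncryptionPtr encryption;` would tell code reading the struct that a non-NULL pointer does not mean the information is sufficient to start the domain. The struct definition starts outside the hunk.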
--
1.6.2.5