On Thu, Jan 05, 2023 at 05:30:10PM +0100, Peter Krempa wrote:
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virsh.rst | 22 +++++++++++
tools/virsh-domain.c | 83 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index c85bc8151d..7e57796384 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -5225,6 +5225,28 @@ If *--print-xml* is specified, the XML that would be used to
change media is
printed instead of changing the media.
+dom-fd-associate
+----------------
+
+**Syntax:**
+
+::
+
+ dom-fd-associate domain --name FDGROUPNAME --pass-fds M,N,....
+ [--seclabel-writable] [--seclabel-restore] [--seclabel-restore-require]
+
+Associate one or more fds described via *--pass-fds* argument to *domain* as
+*--name*. The lifetime of the passed fd group is the same as the connection, thus
+exitting virsh un-registers them afterwards.
+
+By default security labels are applied if needed but they are not restored after
+use to avoid keeping them open unnecessarily. Best-effort security label restore
+may be requested by using the *--seclabel-restore* flag.
+
+Passing *--seclabel-restore-require* instructs the hypervisor to try harder to
+restore security labels. **Note:** Hypervisors currently don't support this flag.
+
+
NODEDEV COMMANDS
================
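Review bot: *--seclabel-writable* is listed in the syntax block of the new dom-fd-associate section, but none of the paragraphs below it explain what the flag does. Add a sentence for it, in line with the "use seclabels allowing writes" help string in virsh-domain.c. In the first paragraph "exitting" should be "exiting", and the syntax line writes the fd list as "M,N,...." with four dots while the option help uses "N,M,...", so pick one form for both.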
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 2d162cf8c0..5cbbb4bd28 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9816,6 +9816,83 @@ cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd)
return ret;
}
+
+/*
+ * "dom-fd-associate" command
+ */
+static const vshCmdInfo info_dom_fd_associate[] = {
+ {.name = "help",
+ .data = N_("associate a FD with a domain")
+ },
+ {.name = "desc",
+ .data = N_("associate a FD with a domain")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_dom_fd_associate[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ {.name = "name",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .completer = virshCompleteEmpty,
+ .help = N_("name of the FD group")
+ },
+ {.name = "pass-fds",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .completer = virshCompleteEmpty,
+ .help = N_("file descriptors N,M,... to associate")
+ },
+ {.name = "seclabel-writable",
+ .type = VSH_OT_BOOL,
+ .help = N_("use seclabels allowing writes")
+ },
+ {.name = "seclabel-restore",
+ .type = VSH_OT_BOOL,
+ .help = N_("Try to restore security label after use if possible")
s/Try/try/ to make it consistent with the remaining help strings
+ },
+ {.name = "seclabel-restore-require",
+ .type = VSH_OT_BOOL,
+ .help = N_("require that security label is restored after use")
+ },
+ {.name = NULL}
+};
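Review bot: the "help" and "desc" entries of info_dom_fd_associate carry the identical string "associate a FD with a domain", so the description adds nothing over the one-line help, and both say "a FD" although --pass-fds takes a list and --name names an FD group. Suggest a desc that follows the man page text: one or more fds associated with the domain under a group name, with a lifetime tied to the connection. The help strings for seclabel-restore and seclabel-restore-require also do not say how the two flags relate; noting in the second that it is the stricter form of the first would make the help output self-explanatory.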
Reviewed-by: Pavel Hrdina <phrdina(a)redhat.com>