Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virsh.rst | 22 +++++++++++
tools/virsh-domain.c | 83 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index c85bc8151d..7e57796384 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -5225,6 +5225,28 @@ If *--print-xml* is specified, the XML that would be used to change
media is
printed instead of changing the media.
+dom-fd-associate
+----------------
+
+**Syntax:**
+
+::
+
+ dom-fd-associate domain --name FDGROUPNAME --pass-fds M,N,....
+ [--seclabel-writable] [--seclabel-restore] [--seclabel-restore-require]
+
+Associate one or more fds described via *--pass-fds* argument to *domain* as
+*--name*. The lifetime of the passed fd group is the same as the connection, thus
+exitting virsh un-registers them afterwards.
+
+By default security labels are applied if needed but they are not restored after
+use to avoid keeping them open unnecessarily. Best-effort security label restore
+may be requested by using the *--seclabel-restore* flag.
+
+Passing *--seclabel-restore-require* instructs the hypervisor to try harder to
+restore security labels. **Note:** Hypervisors currently don't support this flag.
+
+
NODEDEV COMMANDS
================
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 2d162cf8c0..5cbbb4bd28 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9816,6 +9816,83 @@ cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd)
return ret;
}
+
+/*
+ * "dom-fd-associate" command
+ */
+static const vshCmdInfo info_dom_fd_associate[] = {
+ {.name = "help",
+ .data = N_("associate a FD with a domain")
+ },
+ {.name = "desc",
+ .data = N_("associate a FD with a domain")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_dom_fd_associate[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ {.name = "name",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .completer = virshCompleteEmpty,
+ .help = N_("name of the FD group")
+ },
+ {.name = "pass-fds",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .completer = virshCompleteEmpty,
+ .help = N_("file descriptors N,M,... to associate")
+ },
+ {.name = "seclabel-writable",
+ .type = VSH_OT_BOOL,
+ .help = N_("use seclabels allowing writes")
+ },
+ {.name = "seclabel-restore",
+ .type = VSH_OT_BOOL,
+ .help = N_("Try to restore security label after use if possible")
+ },
+ {.name = "seclabel-restore-require",
+ .type = VSH_OT_BOOL,
+ .help = N_("require that security label is restored after use")
+ },
+ {.name = NULL}
+};
+
+static bool
+cmdDomFdAssociate(vshControl *ctl, const vshCmd *cmd)
+{
+ g_autoptr(virshDomain) dom = NULL;
+ const char *name = NULL;
+ unsigned int flags = 0;
+ g_autofree int *fds = NULL;
+ size_t nfds = 0;
+
+ if (vshCommandOptBool(cmd, "seclabel-writable"))
+ flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE;
+
+ if (vshCommandOptBool(cmd, "seclabel-restore"))
+ flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE;
+
+ if (vshCommandOptBool(cmd, "seclabel-restore-require"))
+ flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0)
+ return false;
+
+ if (virshFetchPassFdsList(ctl, cmd, &nfds, &fds) < 0)
+ return false;
+
+ if (virDomainFDAssociate(dom, name, nfds, fds, flags) < 0)
+ return false;
+
+ return true;
+}
+
+
/*
* "qemu-monitor-command" command
*/
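Review bot: The `seclabel-restore-require` branch in `cmdDomFdAssociate` ORs in `VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE`, the same constant the `seclabel-writable` branch uses a few lines above, which looks like a copy-paste slip. As written, a user who passes only `--seclabel-restore-require` gets write-permitting security labels applied to the passed fds, and the restore requirement never reaches the daemon, so the request is silently widened rather than tightened. The line should set the restore-require constant from the public API header, which is not visible in this hunk: `flags |= <restore-require flag>;`. If this series defines no such flag, dropping the option and its man page paragraph is safer than accepting it with a different meaning.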
@@ -14417,5 +14494,11 @@ const vshCmdDef domManagementCmds[] = {
.info = info_domdirtyrate_calc,
.flags = 0
},
+ {.name = "dom-fd-associate",
+ .handler = cmdDomFdAssociate,
+ .opts = opts_dom_fd_associate,
+ .info = info_dom_fd_associate,
+ .flags = 0
+ },
{.name = NULL}
};
--
2.38.1