[libvirt] [PATCH 1/4] add a qemu-specific event register API, to passthough the new events come from qemu
by shaohef@linux.vnet.ibm.com
From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
Basically, this feature can go along with qemu monitor passthrough.
That way, if we use new commands in the monitor that generate new events, we want some way to receive those new events too.
Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
---
include/libvirt/libvirt-qemu.h | 27 ++++
include/libvirt/libvirt.h.in | 2 +-
src/conf/domain_event.c | 293 ++++++++++++++++++++++++++++++++++++++--
src/conf/domain_event.h | 50 ++++++-
src/driver.h | 14 ++
src/libvirt-qemu.c | 189 ++++++++++++++++++++++++++
src/libvirt_private.syms | 6 +
src/libvirt_qemu.syms | 5 +
8 files changed, 571 insertions(+), 15 deletions(-)
diff --git a/include/libvirt/libvirt-qemu.h b/include/libvirt/libvirt-qemu.h
index 7f12e4f..3aa944a 100644
--- a/include/libvirt/libvirt-qemu.h
+++ b/include/libvirt/libvirt-qemu.h
@@ -32,6 +32,33 @@ virDomainPtr virDomainQemuAttach(virConnectPtr domain,
unsigned int pid,
unsigned int flags);
+/**
+ * virConnectDomainQemuEventCallback:
+ * @conn: connection object
+ * @dom: domain on which the event occurred
+ * @eventName : the name of the unknow or un-implementation event
+ * @eventArgs: the content of the unknow or un-implementation event
+ *
+ * The callback signature to use when registering for an event of type
+ * VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN with virConnectDomainQemuEventRegister()
+ */
+typedef void (*virConnectDomainQemuEventCallback)(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *eventName, /* The JSON event name */
+ const char *eventArgs, /* The JSON string of args */
+ void *opaque);
+
+int
+virConnectDomainQemuEventRegister(virConnectPtr conn,
+ virDomainPtr dom, /* option to filter */
+ const char *eventName, /* JSON event name */
+ virConnectDomainQemuEventCallback cb,
+ void *opaque,
+ virFreeCallback freecb);
+int
+virConnectDomainQemuEventDeregister(virConnectPtr conn,
+ int callbackID);
+
# ifdef __cplusplus
}
# endif
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index 2480add..9fcb400 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -3207,7 +3207,6 @@ typedef void (*virConnectDomainEventBlockJobCallback)(virConnectPtr conn,
int type,
int status,
void *opaque);
-
/**
* virConnectDomainEventDiskChangeReason:
*
@@ -3263,6 +3262,7 @@ typedef enum {
VIR_DOMAIN_EVENT_ID_CONTROL_ERROR = 7, /* virConnectDomainEventGenericCallback */
VIR_DOMAIN_EVENT_ID_BLOCK_JOB = 8, /* virConnectDomainEventBlockJobCallback */
VIR_DOMAIN_EVENT_ID_DISK_CHANGE = 9, /* virConnectDomainEventDiskChangeCallback */
+ VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN = 10, /* virConnectDomainEventDefaultCallback */
/*
* NB: this enum value will increase over time as new events are
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 614ab97..0388a66 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -45,7 +45,9 @@ typedef virDomainMeta *virDomainMetaPtr;
struct _virDomainEventCallback {
int callbackID;
+ int qemuCallbackID;
int eventID;
+ char *eventName;
virConnectPtr conn;
virDomainMetaPtr dom;
virConnectDomainEventGenericCallback cb;
@@ -94,6 +96,10 @@ struct _virDomainEvent {
char *devAlias;
int reason;
} diskChange;
+ struct {
+ char *eventName;
+ char *eventArgs;
+ }qemuUnknownEvent;
} data;
};
@@ -112,6 +118,7 @@ virDomainEventCallbackListFree(virDomainEventCallbackListPtr list)
for (i=0; i<list->count; i++) {
virFreeCallback freecb = list->callbacks[i]->freecb;
+ VIR_FREE(list->callbacks[i]->eventName);
if (freecb)
(*freecb)(list->callbacks[i]->opaque);
VIR_FREE(list->callbacks[i]);
@@ -187,8 +194,10 @@ virDomainEventCallbackListRemoveID(virConnectPtr conn,
if (freecb)
(*freecb)(cbList->callbacks[i]->opaque);
virUnrefConnect(cbList->callbacks[i]->conn);
+ if (cbList->callbacks[i]->eventID == VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN) {
+ VIR_FREE(cbList->callbacks[i]->eventName);
+ }
VIR_FREE(cbList->callbacks[i]);
-
if (i < (cbList->count - 1))
memmove(cbList->callbacks + i,
cbList->callbacks + i + 1,
@@ -231,6 +240,9 @@ virDomainEventCallbackListRemoveConn(virConnectPtr conn,
if (freecb)
(*freecb)(cbList->callbacks[i]->opaque);
virUnrefConnect(cbList->callbacks[i]->conn);
+ if (cbList->callbacks[i]->eventID == VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN) {
+ VIR_FREE(cbList->callbacks[i]->eventName);
+ }
VIR_FREE(cbList->callbacks[i]);
if (i < (cbList->count - 1))
@@ -299,6 +311,9 @@ int virDomainEventCallbackListPurgeMarked(virDomainEventCallbackListPtr cbList)
if (freecb)
(*freecb)(cbList->callbacks[i]->opaque);
virUnrefConnect(cbList->callbacks[i]->conn);
+ if (cbList->callbacks[i]->eventID == VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN) {
+ VIR_FREE(cbList->callbacks[i]->eventName);
+ }
VIR_FREE(cbList->callbacks[i]);
if (i < (cbList->count - 1))
@@ -404,7 +419,98 @@ virDomainEventCallbackListAddID(virConnectPtr conn,
cbList->callbacks[cbList->count] = event;
cbList->count++;
+ event->callbackID = cbList->nextID++;
+
+ return event->callbackID;
+
+no_memory:
+ virReportOOMError();
+
+ if (event) {
+ if (event->dom)
+ VIR_FREE(event->dom->name);
+ VIR_FREE(event->dom);
+ }
+ VIR_FREE(event);
+ return -1;
+}
+
+
+
+/**
+ * virDomainEventCallbackListAddName:
+ * @conn: pointer to the connection
+ * @cbList: the list
+ * @eventName: the event eventName
+ * @callback: the callback to add
+ * @eventID: the specific eventID
+ * @opaque: opaque data tio pass to callback
+ *
+ * Internal function to add a callback from a virDomainEventCallbackListPtr
+ */
+int
+virDomainEventCallbackListAddName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ virDomainPtr dom,
+ const char* eventName,
+ int eventID,
+ virConnectDomainEventGenericCallback callback,
+ void *opaque,
+ virFreeCallback freecb)
+{
+ virDomainEventCallbackPtr event;
+ int i;
+
+ /* Check incoming */
+ if ( !cbList ) {
+ return -1;
+ }
+
+ /* check if we already have this callback on our list */
+ for (i = 0 ; i < cbList->count ; i++) {
+ if (cbList->callbacks[i]->cb == VIR_DOMAIN_EVENT_CALLBACK(callback) &&
+ STREQ(cbList->callbacks[i]->eventName, eventName) &&
+ cbList->callbacks[i]->eventID == eventID &&
+ cbList->callbacks[i]->conn == conn) {
+ eventReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("event callback already tracked"));
+ return -1;
+ }
+ }
+ if (eventID > VIR_DOMAIN_EVENT_ID_LAST || eventID < VIR_DOMAIN_EVENT_ID_LIFECYCLE) {
+ eventReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("not suport this kind of eventID: %d"), eventID);
+ }
+ /* Allocate new event */
+ if (VIR_ALLOC(event) < 0)
+ goto no_memory;
+ event->conn = conn;
+ event->cb = callback;
+ if (eventName == NULL)
+ goto no_memory;
+ event->eventName = strdup(eventName);
+ if ( event->eventName == NULL)
+ goto no_memory;
+ event->opaque = opaque;
+ event->freecb = freecb;
+ event->eventID = eventID;
+ if (dom) {
+ if (VIR_ALLOC(event->dom) < 0)
+ goto no_memory;
+ if (!(event->dom->name = strdup(dom->name)))
+ goto no_memory;
+ memcpy(event->dom->uuid, dom->uuid, VIR_UUID_BUFLEN);
+ event->dom->id = dom->id;
+ }
+ /* Make space on list */
+ if (VIR_REALLOC_N(cbList->callbacks, cbList->count + 1) < 0)
+ goto no_memory;
+
+ event->conn->refs++;
+
+ cbList->callbacks[cbList->count] = event;
+ cbList->count++;
event->callbackID = cbList->nextID++;
return event->callbackID;
@@ -416,11 +522,40 @@ no_memory:
if (event->dom)
VIR_FREE(event->dom->name);
VIR_FREE(event->dom);
+ VIR_FREE(event->eventName);
}
VIR_FREE(event);
return -1;
}
+/**
+ * virDomainEventCallbackListAddQemuCallbackID:
+ * @conn: pointer to the connection
+ * @cbList: the list
+ * @callbackID: the libvirt callback ID
+ * @qemuCallbackID: the libvirtd callback ID to add
+ *
+ * Internal function to add a Daemon libvirtd callbackID
+ */
+int
+virDomainEventCallbackListAddQemuCallbackID(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID,
+ int qemuCallbackID)
+{
+ int i;
+ for (i = 0 ; i < cbList->count ; i++) {
+ if (cbList->callbacks[i]->callbackID == callbackID &&
+ cbList->callbacks[i]->conn == conn) {
+ cbList->callbacks[i]->qemuCallbackID = qemuCallbackID;
+ return 0;
+ }
+ }
+
+ eventReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("could not find event callback for deletion"));
+ return -1;
+}
int virDomainEventCallbackListCountID(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
@@ -442,6 +577,27 @@ int virDomainEventCallbackListCountID(virConnectPtr conn,
}
+int
+virDomainEventCallbackListCountName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ const char *eventName)
+{
+ int i;
+ int count = 0;
+
+ for (i = 0 ; i < cbList->count ; i++) {
+ if (cbList->callbacks[i]->deleted)
+ continue;
+
+ if (STREQ(cbList->callbacks[i]->eventName,eventName) &&
+ cbList->callbacks[i]->conn == conn)
+ count++;
+ }
+
+ return count;
+}
+
+
int virDomainEventCallbackListEventID(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
int callbackID)
@@ -461,6 +617,44 @@ int virDomainEventCallbackListEventID(virConnectPtr conn,
}
+const char*
+virDomainEventCallbackListEventName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID)
+{
+ int i;
+
+ for (i = 0 ; i < cbList->count ; i++) {
+ if (cbList->callbacks[i]->deleted)
+ continue;
+
+ if (cbList->callbacks[i]->callbackID == callbackID &&
+ cbList->callbacks[i]->conn == conn)
+ return cbList->callbacks[i]->eventName;
+ }
+
+ return NULL;
+}
+
+int
+virDomainEventCallbackListEventQemuCallbackID(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID)
+{
+ int i;
+
+ for (i = 0 ; i < cbList->count ; i++) {
+ if (cbList->callbacks[i]->deleted)
+ continue;
+
+ if (cbList->callbacks[i]->callbackID == callbackID &&
+ cbList->callbacks[i]->conn == conn)
+ return cbList->callbacks[i]->qemuCallbackID;
+ }
+
+ return -1;
+}
+
int virDomainEventCallbackListCount(virDomainEventCallbackListPtr cbList)
{
int i;
@@ -521,6 +715,11 @@ void virDomainEventFree(virDomainEventPtr event)
VIR_FREE(event->data.diskChange.newSrcPath);
VIR_FREE(event->data.diskChange.devAlias);
break;
+
+ case VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN:
+ VIR_FREE(event->data.qemuUnknownEvent.eventName);
+ VIR_FREE(event->data.qemuUnknownEvent.eventArgs);
+ break;
}
VIR_FREE(event->dom.name);
@@ -956,6 +1155,51 @@ virDomainEventPtr virDomainEventBlockJobNewFromDom(virDomainPtr dom,
path, type, status);
}
+static virDomainEventPtr
+virDomainEventUnknownNew(int id, const char *name, unsigned char *uuid,
+ const char *eventName, const char *eventArgs)
+{
+ virDomainEventPtr ev =
+ virDomainEventNewInternal(VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN,
+ id, name, uuid);
+ if (ev) {
+ if (!(ev->data.qemuUnknownEvent.eventName = strdup(eventName))) {
+ virReportOOMError();
+ VIR_FREE(ev->dom.name);
+ VIR_FREE(ev);
+ return NULL;
+ }
+ if (eventArgs) {
+ if (!(ev->data.qemuUnknownEvent.eventArgs = strdup(eventArgs))) {
+ virReportOOMError();
+ VIR_FREE(ev->data.qemuUnknownEvent.eventName);
+ VIR_FREE(ev->dom.name);
+ VIR_FREE(ev);
+ return NULL;
+ }
+ }
+ }
+
+ return ev;
+}
+
+virDomainEventPtr virDomainEventUnknownNewFromObj(virDomainObjPtr obj,
+ const char *eventName,
+ const char *eventArgs)
+{
+
+ return virDomainEventUnknownNew(obj->def->id, obj->def->name,
+ obj->def->uuid, eventName, eventArgs);
+}
+
+virDomainEventPtr virDomainEventUnknownNewFromDom(virDomainPtr dom,
+ const char *eventName,
+ const char *eventArgs)
+{
+ return virDomainEventUnknownNew(dom->id, dom->name, dom->uuid,
+ eventName, eventArgs);
+}
+
virDomainEventPtr virDomainEventControlErrorNewFromDom(virDomainPtr dom)
{
virDomainEventPtr ev =
@@ -1095,11 +1339,12 @@ virDomainEventQueuePush(virDomainEventQueuePtr evtQueue,
}
-void virDomainEventDispatchDefaultFunc(virConnectPtr conn,
- virDomainEventPtr event,
- virConnectDomainEventGenericCallback cb,
- void *cbopaque,
- void *opaque ATTRIBUTE_UNUSED)
+void
+virDomainEventDispatchDefaultFunc(virConnectPtr conn,
+ virDomainEventPtr event,
+ virConnectDomainEventGenericCallback cb,
+ void *cbopaque,
+ void *opaque ATTRIBUTE_UNUSED)
{
virDomainPtr dom = virGetDomain(conn, event->dom.name, event->dom.uuid);
if (!dom)
@@ -1180,6 +1425,13 @@ void virDomainEventDispatchDefaultFunc(virConnectPtr conn,
cbopaque);
break;
+ case VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN:
+ ((virConnectDomainQemuEventCallback)cb)(conn, dom,
+ event->data.qemuUnknownEvent.eventName,
+ event->data.qemuUnknownEvent.eventArgs,
+ cbopaque);
+ break;
+
default:
VIR_WARN("Unexpected event ID %d", event->eventID);
break;
@@ -1189,8 +1441,9 @@ void virDomainEventDispatchDefaultFunc(virConnectPtr conn,
}
-static int virDomainEventDispatchMatchCallback(virDomainEventPtr event,
- virDomainEventCallbackPtr cb)
+static int
+virDomainEventDispatchMatchCallback(virDomainEventPtr event,
+ virDomainEventCallbackPtr cb)
{
if (!cb)
return 0;
@@ -1198,7 +1451,12 @@ static int virDomainEventDispatchMatchCallback(virDomainEventPtr event,
return 0;
if (cb->eventID != event->eventID)
return 0;
-
+ if (event->eventID == VIR_QEMU_DOMAIN_EVENT_ID_UNKNOWN) {
+ if (event->data.qemuUnknownEvent.eventName == NULL ||
+ cb->eventName == NULL ||
+ STRNEQ(cb->eventName, event->data.qemuUnknownEvent.eventName))
+ return 0;
+ }
if (cb->dom) {
/* Deliberately ignoring 'id' for matching, since that
* will cause problems when a domain switches between
@@ -1341,3 +1599,20 @@ virDomainEventStateDeregisterAny(virConnectPtr conn,
virDomainEventStateUnlock(state);
return ret;
}
+int
+virDomainQemuEventStateDeregister(virConnectPtr conn,
+ virDomainEventStatePtr state,
+ int callbackID)
+{
+ int ret;
+
+ virDomainEventStateLock(state);
+ if (state->isDispatching)
+ ret = virDomainEventCallbackListMarkDeleteID(conn,
+ state->callbacks, callbackID);
+ else
+ ret = virDomainEventCallbackListRemoveID(conn,
+ state->callbacks, callbackID);
+ virDomainEventStateUnlock(state);
+ return ret;
+}
diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h
index 3ba418e..f2fe847 100644
--- a/src/conf/domain_event.h
+++ b/src/conf/domain_event.h
@@ -83,14 +83,23 @@ int virDomainEventCallbackListAddID(virConnectPtr conn,
virFreeCallback freecb)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(5);
+int virDomainEventCallbackListAddName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ virDomainPtr dom,
+ const char* eventName,
+ int eventID,
+ virConnectDomainEventGenericCallback callback,
+ void *opaque,
+ virFreeCallback freecb)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(6);
int virDomainEventCallbackListRemove(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
virConnectDomainEventCallback callback)
ATTRIBUTE_NONNULL(1);
-int virDomainEventCallbackListRemoveID(virConnectPtr conn,
- virDomainEventCallbackListPtr cbList,
- int callbackID)
+int virDomainQemuEventCallbackListRemoveID(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID)
ATTRIBUTE_NONNULL(1);
int virDomainEventCallbackListRemoveConn(virConnectPtr conn,
virDomainEventCallbackListPtr cbList)
@@ -106,9 +115,14 @@ int virDomainEventCallbackListMarkDeleteID(virConnectPtr conn,
int callbackID)
ATTRIBUTE_NONNULL(1);
-
int virDomainEventCallbackListPurgeMarked(virDomainEventCallbackListPtr cbList);
+int virDomainEventCallbackListAddQemuCallbackID(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID,
+ int qemuCallbackID)
+ ATTRIBUTE_NONNULL(1);
+
int virDomainEventCallbackListCount(virDomainEventCallbackListPtr cbList);
int virDomainEventCallbackListCountID(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
@@ -119,6 +133,21 @@ int virDomainEventCallbackListEventID(virConnectPtr conn,
int callbackID)
ATTRIBUTE_NONNULL(1);
+int virDomainEventCallbackListCountName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ const char *eventName)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
+
+int virDomainEventCallbackListEventQemuCallbackID(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID)
+ ATTRIBUTE_NONNULL(1);
+
+const char* virDomainEventCallbackListEventName(virConnectPtr conn,
+ virDomainEventCallbackListPtr cbList,
+ int callbackID)
+ ATTRIBUTE_NONNULL(1);
+
virDomainEventQueuePtr virDomainEventQueueNew(void);
virDomainEventPtr virDomainEventNew(int id, const char *name, const unsigned char *uuid, int type, int detail);
@@ -190,6 +219,13 @@ virDomainEventPtr virDomainEventDiskChangeNewFromDom(virDomainPtr dom,
const char *devAlias,
int reason);
+virDomainEventPtr virDomainEventUnknownNewFromObj(virDomainObjPtr obj,
+ const char *eventName,
+ const char *eventArgs);
+virDomainEventPtr virDomainEventUnknownNewFromDom(virDomainPtr dom,
+ const char *eventName,
+ const char *eventArgs);
+
int virDomainEventQueuePush(virDomainEventQueuePtr evtQueue,
virDomainEventPtr event);
@@ -246,5 +282,9 @@ virDomainEventStateDeregisterAny(virConnectPtr conn,
virDomainEventStatePtr state,
int callbackID)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
-
+int
+virDomainQemuEventStateDeregister(virConnectPtr conn,
+ virDomainEventStatePtr state,
+ int callbackID)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
#endif
diff --git a/src/driver.h b/src/driver.h
index 941ff51..51164a9 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -635,6 +635,18 @@ typedef virDomainPtr
unsigned int flags);
typedef int
+ (*virDrvDomainQemuEventRegister)(virConnectPtr conn,
+ virDomainPtr dom, /* option to filter */
+ const char *eventName, /* JSON event name */
+ virConnectDomainEventGenericCallback cb,
+ void *opaque,
+ virFreeCallback freecb);
+
+typedef int
+ (*virDrvDomainQemuEventDeregister)(virConnectPtr conn,
+ int callbackID);
+
+typedef int
(*virDrvDomainOpenConsole)(virDomainPtr dom,
const char *dev_name,
virStreamPtr st,
@@ -915,6 +927,8 @@ struct _virDriver {
virDrvDomainSnapshotDelete domainSnapshotDelete;
virDrvDomainQemuMonitorCommand qemuDomainMonitorCommand;
virDrvDomainQemuAttach qemuDomainAttach;
+ virDrvDomainQemuEventRegister qemuDomainQemuEventRegister;
+ virDrvDomainQemuEventDeregister qemuDomainQemuEventDeregister;
virDrvDomainOpenConsole domainOpenConsole;
virDrvDomainOpenGraphics domainOpenGraphics;
virDrvDomainInjectNMI domainInjectNMI;
diff --git a/src/libvirt-qemu.c b/src/libvirt-qemu.c
index 248cc33..7722b7b 100644
--- a/src/libvirt-qemu.c
+++ b/src/libvirt-qemu.c
@@ -36,6 +36,77 @@
virReportErrorHelper(VIR_FROM_DOM, error, NULL, __FUNCTION__, \
__LINE__, info)
+/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
+ * assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
+ * can easily be expanded if needed.
+ *
+ * Note that gcc provides extensions of "define a(b...) b" or
+ * "define a(b,...) b,##__VA_ARGS__" as a means of eliding a comma
+ * when no var-args are present, but we don't want to require gcc.
+ */
+#define VIR_ARG15(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, _15, ...) _15
+#define VIR_HAS_COMMA(...) VIR_ARG15(__VA_ARGS__, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0)
+
+/* Form the name VIR_DOMAIN_DEBUG_[01], then call that macro,
+ * according to how many arguments are present. Two-phase due to
+ * macro expansion rules. */
+#define VIR_DOMAIN_DEBUG_EXPAND(a, b, ...) \
+ VIR_DOMAIN_DEBUG_PASTE(a, b, __VA_ARGS__)
+#define VIR_DOMAIN_DEBUG_PASTE(a, b, ...) \
+ a##b(__VA_ARGS__)
+
+/* Internal use only, when VIR_DOMAIN_DEBUG has one argument. */
+#define VIR_DOMAIN_DEBUG_0(dom) \
+ VIR_DOMAIN_DEBUG_2(dom, "%s", "")
+
+/* Internal use only, when VIR_DOMAIN_DEBUG has three or more arguments. */
+#define VIR_DOMAIN_DEBUG_1(dom, fmt, ...) \
+ VIR_DOMAIN_DEBUG_2(dom, ", " fmt, __VA_ARGS__)
+
+/* Internal use only, with final format. */
+#define VIR_DOMAIN_DEBUG_2(dom, fmt, ...) \
+ do { \
+ char _uuidstr[VIR_UUID_STRING_BUFLEN]; \
+ const char *_domname = NULL; \
+ \
+ if (!VIR_IS_DOMAIN(dom)) { \
+ memset(_uuidstr, 0, sizeof(_uuidstr)); \
+ } else { \
+ virUUIDFormat((dom)->uuid, _uuidstr); \
+ _domname = (dom)->name; \
+ } \
+ \
+ VIR_DEBUG("dom=%p, (VM: name=%s, uuid=%s)" fmt, \
+ dom, NULLSTR(_domname), _uuidstr, __VA_ARGS__); \
+ } while (0)
+
+/**
+ * VIR_DOMAIN_DEBUG:
+ * @dom: domain
+ * @fmt: optional format for additional information
+ * @...: optional arguments corresponding to @fmt.
+ */
+#define VIR_DOMAIN_DEBUG(...) \
+ VIR_DOMAIN_DEBUG_EXPAND(VIR_DOMAIN_DEBUG_, \
+ VIR_HAS_COMMA(__VA_ARGS__), \
+ __VA_ARGS__)
+
+/**
+ * VIR_UUID_DEBUG:
+ * @conn: connection
+ * @uuid: possibly null UUID array
+ */
+#define VIR_UUID_DEBUG(conn, uuid) \
+ do { \
+ if (uuid) { \
+ char _uuidstr[VIR_UUID_STRING_BUFLEN]; \
+ virUUIDFormat(uuid, _uuidstr); \
+ VIR_DEBUG("conn=%p, uuid=%s", conn, _uuidstr); \
+ } else { \
+ VIR_DEBUG("conn=%p, uuid=(null)", conn); \
+ } \
+ } while (0)
+
/**
* virDomainQemuMonitorCommand:
* @domain: a domain object
@@ -178,3 +249,121 @@ error:
virDispatchError(conn);
return NULL;
}
+
+/**
+ * virConnectDomainQemuEventRegister:
+ * @conn: pointer to the connection
+ * @dom: pointer to the domain
+ * @eventName: the event Name to receive
+ * @cb: callback to the function handling domain events
+ * @opaque: opaque data to pass on to the callback
+ * @freecb: optional function to deallocate opaque when not used anymore
+ *
+ * Adds a callback to receive notifications of arbitrary qemu domain events
+ * occurring on a domain.
+ *
+ * If dom is NULL, then events will be monitored for any domain. If dom
+ * is non-NULL, then only the specific domain will be monitored
+ *
+ * Most types of event have a callback providing a custom set of parameters
+ * for the event. When registering an event, it is thus neccessary to use
+ * the VIR_DOMAIN_EVENT_CALLBACK() macro to cast the supplied function pointer
+ * to match the signature of this method.
+ *
+ * The virDomainPtr object handle passed into the callback upon delivery
+ * of an event is only valid for the duration of execution of the callback.
+ * If the callback wishes to keep the domain object after the callback returns,
+ * it shall take a reference to it, by calling virDomainRef.
+ * The reference can be released once the object is no longer required
+ * by calling virDomainFree.
+ *
+ * The return value from this method is a positive integer identifier
+ * for the callback. To unregister a callback, this callback ID should
+ * be passed to the virConnectDomainQemuEventDeregister method
+ *
+ * Returns a callback identifier on success, -1 on failure
+ */
+int
+virConnectDomainQemuEventRegister(virConnectPtr conn,
+ virDomainPtr dom, /* option to filter */
+ const char *eventName, /* JSON event name */
+ virConnectDomainQemuEventCallback cb,
+ void *opaque,
+ virFreeCallback freecb)
+{
+ VIR_DOMAIN_DEBUG(dom, "conn=%p, eventName=%s, cb=%p, opaque=%p, freecb=%p",
+ conn, eventName, cb, opaque, freecb);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ virDispatchError(NULL);
+ return -1;
+ }
+ if (dom != NULL &&
+ !(VIR_IS_CONNECTED_DOMAIN(dom) && dom->conn == conn)) {
+ virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ virDispatchError(conn);
+ return -1;
+ }
+ if (eventName == NULL || cb == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+
+ if ((conn->driver) && (conn->driver->qemuDomainQemuEventRegister)) {
+ int ret;
+ ret = conn->driver->qemuDomainQemuEventRegister(conn, dom, eventName, cb, opaque, freecb);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+error:
+ virDispatchError(conn);
+ return -1;
+}
+
+/**
+ * virConnectDomainQemuEventDeregister:
+ * @conn: pointer to the connection
+ * @callbackID: the callback identifier
+ *
+ * Removes an event callback. The callbackID parameter should be the
+ * vaule obtained from a previous virConnectDomainQemuEventDeregister method.
+ *
+ * Returns 0 on success, -1 on failure
+ */
+int
+virConnectDomainQemuEventDeregister(virConnectPtr conn,
+ int callbackID)
+{
+
+ VIR_DEBUG("conn=%p, callbackID=%d", conn, callbackID);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ virDispatchError(NULL);
+ return -1;
+ }
+ if (callbackID < 0) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ goto error;
+ }
+ if ((conn->driver) && (conn->driver->qemuDomainQemuEventDeregister)) {
+ int ret;
+ ret = conn->driver->qemuDomainQemuEventDeregister(conn, callbackID);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+error:
+ virDispatchError(conn);
+ return -1;
+}
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 48ffdf2..75e544a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -471,11 +471,16 @@ virDomainWatchdogModelTypeToString;
# domain_event.h
virDomainEventBlockJobNewFromObj;
virDomainEventBlockJobNewFromDom;
+virDomainEventUnknownNewFromObj;
+virDomainEventunknownNewFromDom;
virDomainEventCallbackListAdd;
virDomainEventCallbackListAddID;
+virDomainEventCallbackListAddName;
virDomainEventCallbackListCount;
virDomainEventCallbackListCountID;
+virDomainEventCallbackListCountName;
virDomainEventCallbackListEventID;
+virDomainEventCallbackListEventName;
virDomainEventCallbackListFree;
virDomainEventCallbackListMarkDelete;
virDomainEventCallbackListMarkDeleteID;
@@ -512,6 +517,7 @@ virDomainEventRebootNewFromDom;
virDomainEventRebootNewFromObj;
virDomainEventStateDeregister;
virDomainEventStateDeregisterAny;
+virDomainQemuEventStateDeregister;
virDomainEventStateFlush;
virDomainEventStateFree;
virDomainEventStateNew;
diff --git a/src/libvirt_qemu.syms b/src/libvirt_qemu.syms
index 8447730..a17e387 100644
--- a/src/libvirt_qemu.syms
+++ b/src/libvirt_qemu.syms
@@ -19,3 +19,8 @@ LIBVIRT_QEMU_0.9.4 {
global:
virDomainQemuAttach;
} LIBVIRT_QEMU_0.8.3;
+LIBVIRT_QEMU_0.9.9 {
+ global:
+ virConnectDomainQemuEventRegister;
+ virConnectDomainQemuEventDeregister;
+} LIBVIRT_QEMU_0.9.4;
--
1.7.5.4
12 years, 10 months
[libvirt] Build issue with libvirt 0.9.8
by Christophe Fergeau
Hi,
When building libvirt 0.9.8 with jhbuild, I have now reproduced twice some
issue during the build. Namely, after successfully building and installing
libvirt 0.9.8, when I try to run virsh, I get:
virsh: /home/teuf/jhbuild-boxes/opt/lib64/libvirt.so.0: version
`LIBVIRT_PRIVATE_0.9.7' not found (required by
/home/teuf/jhbuild-boxes/opt/lib64/libvirt-qemu.so.0)
This happens when I start from a clean prefix (no libvirt in it), then I
install 0.9.7, and then I try to install 0.9.8 on top of it. If I rebuild
libvirt-0.9.8 once more this goes away, so this is not a blocking problem
for me.
I have checked that libvirt-qemu.so.0 is the 0.9.8 version, I have looked
in the build logs and in Makefile.am and everything looks correct to me, so
I was wondering if anyone had any explanation for this behaviour. Once
again, it's easy to workaround so it's not a big issue, but I'm mentioning
it in case there would something obvious I missed.
I put the build logs at
http://people.gnome.org/~teuf/libvirt-0.9.7
and
http://people.gnome.org/~teuf/libvirt-0.9.8
Christophe
12 years, 10 months
[libvirt] libvirt doesn't work with qemu 1.0
by Gerd Hoffmann
Hi,
$subject says all. The error message is:
error: internal error cannot parse /home/kraxel/bin/qemu-default version
number in 'QEMU emulator version 1.0, Copyright (c) 2003-2008 Fabrice
Bellard'
cheers,
Gerd
PS: libvirt-0.9.4-23.el6.x86_64
12 years, 11 months
[libvirt] [PATCH 0/8 v5] Summary on block IO throttle
by Lei Li
Changes since V3
- Use virTypedParameterPtr instead of specific struct in libvirt pulic API.
- Relevant changes to remote driver, qemu driver, python support and virsh.
Changes since V2
- Implement the Python binding support for setting blkio throttling.
- Implement --current --live --config options support to unify the libvirt API.
- Add changes in docs and tests.
- Some changes suggested by Adam Litke, Eric Blake, Daniel P. Berrange.
- Change the XML schema.
- API name to virDomain{Set, Get}BlockIoTune.
- Parameters changed to make them more self-explanatory.
- virsh command name to blkdeviotune.
- And other fixups.
Changes since V1
- Implement the support to get the block io throttling for
a device as read only connection - QMP/HMP.
- Split virDomainBlockIoThrottle into two separate functions
virDomainSetBlockIoThrottle - Set block I/O limits for a device
- Requires a connection in 'write' mode.
- Limits (info) structure passed as an input parameter
virDomainGetBlockIoThrottle - Get the current block I/O limits for a device
- Works on a read-only connection.
- Current limits are written to the output parameter (reply).
- And Other fixups suggested by Adam Litke, Daniel P. Berrange.
- For dynamically allocate the blkiothrottle struct, I will fix
it when implement --current --live --config options support.
Today libvirt supports the cgroups blkio-controller, which handles
proportional shares and throughput/iops limits on host block devices.
blkio-controller does not support network file systems (NFS) or other
QEMU remote block drivers (curl, Ceph/rbd, sheepdog) since they are
not host block devices. QEMU I/O throttling works with all types of
drive and can be applied independently to each drive attached to
a guest and supports throughput/iops limits.
To help add QEMU I/O throttling support to libvirt, we plan to complete
it with add new API virDomain{Set, Get}BlockIoThrottle(), new command 'blkdeviotune'
and Python bindings.
Notes: Now all the planed features were implemented (#1#2 were implemented by
Zhi Yong Wu), the previous comments were all fixed up too. And the qemu part patches
have been accepted upstream and are expected to be part of the QEMU 1.1
release, git tree from Zhi Yong:
http://repo.or.cz/w/qemu/kevin.git/shortlog/refs/heads/block
1) Enable the blkio throttling in xml when guest is starting up.
Add blkio throttling in xml as follows:
<disk type='file' device='disk'>
...
<iotune>
<total_bytes_sec>nnn</total_bytes_sec>
...
</iotune>
...
</disk>
2) Enable blkio throttling setting at guest running time.
virsh blkdeviotune <domain> <device> [--total_bytes_sec<number>] [--read_bytes_sec<number>] \
[--write_bytes_sec<number>] [--total_iops_sec<number>] [--read_iops_sec<number>]
[--write_iops_sec<number>]
3) The support to get the current block i/o throttling for a device - HMP/QMP.
virsh blkiothrottle <domain> <device>
total_bytes_sec:
read_bytes_sec:
write_bytes_sec:
total_iops_sec:
read_iops_sec:
write_iops_sec:
4) Python binding support for setting blkio throttling.
5) --current --live --config options support to unify the libvirt API.
virsh blkdeviotune <domain> <device> [--total_bytes_sec <number>] [--read_bytes_sec <number>]
[--write_bytes_sec <number>] [--total_iops_sec <number>] [--read_iops_sec <number>]
[--write_iops_sec <number>] [--config] [--live] [--current]
daemon/remote.c | 108 +++++++
docs/formatdomain.html.in | 31 ++
docs/schemas/domaincommon.rng | 24 ++
include/libvirt/libvirt.h.in | 70 ++++
python/generator.py | 2 +
python/libvirt-override-api.xml | 16 +
python/libvirt-override.c | 179 +++++++++++
src/conf/domain_conf.c | 101 ++++++-
src/conf/domain_conf.h | 12 +
src/driver.h | 20 ++
src/libvirt.c | 145 +++++++++
src/libvirt_public.syms | 2 +
src/qemu/qemu_command.c | 33 ++
src/qemu/qemu_driver.c | 338 ++++++++++++++++++++
src/qemu/qemu_monitor.c | 36 ++
src/qemu/qemu_monitor.h | 22 ++
src/qemu/qemu_monitor_json.c | 185 +++++++++++
src/qemu/qemu_monitor_json.h | 10 +
src/qemu/qemu_monitor_text.c | 164 ++++++++++
src/qemu/qemu_monitor_text.h | 10 +
src/remote/remote_driver.c | 96 ++++++
src/remote/remote_protocol.x | 26 ++-
src/remote_protocol-structs | 24 ++
src/util/xml.h | 2 +
.../qemuxml2argv-blkdeviotune.args | 4 +
.../qemuxml2argvdata/qemuxml2argv-blkdeviotune.xml | 37 +++
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmltest.c | 1 +
tools/virsh.c | 240 ++++++++++++++
tools/virsh.pod | 23 ++
30 files changed, 1958 insertions(+), 4 deletions(-)
--
Lei
12 years, 11 months
[libvirt] [PATCH v2 0/6] Console coruption with two or more clients series
by Peter Krempa
This series fixes anoying console corruption if two clients try to connect
at same time to the console. The current state of this is, that two/more
of threads compete for the data from the PTY. This causes that each of the
consoles get scrambled and unusable.
These patches add mutual exclusion for opening consoles with two different
approaches and a option to terminate existing console streams.
A sample implementation is done using qemu driver, but i'll add more of them
if this will be OK. (They're basicaly the same as in qemu).
For convinience, to review these patches:
git checkout -b console_corruption 8d16201fe0e63afb5416a8eb7c6478f582ccccc0
git pull git://aeon.pipo.sk/libvirt.git console_dup
(The machine should be up most of time)
Peter
Peter Krempa (6):
Add flags for virDomainOpenConsole
virsh: add support for VIR_DOMAIN_CONSOLE_FORCE flag
fdstream: Emit stream abort callback even if poll() doesnt.
fdstream: Add internal callback on stream close
util: Add helpers for safe domain console operations
qemu: Add ability to abort existing console while creating new one
configure.ac | 37 +++-
include/libvirt/libvirt.h.in | 12 +-
src/Makefile.am | 5 +-
src/fdstream.c | 95 +++++++++-
src/fdstream.h | 11 +
src/libvirt_private.syms | 6 +
src/qemu/qemu_domain.c | 5 +
src/qemu/qemu_domain.h | 3 +
src/qemu/qemu_driver.c | 21 ++-
src/util/domain_safe_console.c | 399 ++++++++++++++++++++++++++++++++++++++++
src/util/domain_safe_console.h | 28 +++
tools/console.c | 5 +-
tools/console.h | 3 +-
tools/virsh.c | 18 ++-
14 files changed, 614 insertions(+), 34 deletions(-)
create mode 100644 src/util/domain_safe_console.c
create mode 100644 src/util/domain_safe_console.h
--
1.7.3.4
12 years, 11 months
[libvirt] Using virtEvents in macvtap setup code
by Dirk Herrendoerfer
Hi all,
I'm trying to get libvirt to re-associate lost connections when a vepa
connection
is lost due to a switch error, or lldpad restart.
My take was to use the virtEvent infrastructure to poll for messages
on a netlink
socket and then restart the association if the message indicates that
a link came
back up.
I ran into a problem, that if I start the polling netlink event from
the daemon thread
I would get the file events an the netlink messages, but I cannot
configure the
event handler because the rpc client threads and the daemon do not
share the
same address space.
Is there a way to get file events in the VMs setup code so I can
register a callback
at VM initialization time to receive netlink messages and restart
association if needed ?
Best regards,
D.Herrendoerfer <herrend at de dot ibm dot com > <d.herrendoerfer at
herrendoerfer dot name>
12 years, 11 months
[libvirt] [PATCH 0/5 v3] Interface pools and passthrough mode
by Shradha Shah
Interface Pools and Passthrough mode:
Current Method:
The passthrough mode uses a macvtap direct connection to connect each
guest to the network. The physical interface to be used is picked from
among those listed in <interface> sub elements of the <forward> element.
The current specification for <forward> extends to allow 0 or more
<interface> sub-elements:
Example:
<forward mode='passthrough' dev='eth10'/>
<interface dev='eth10'/>
<interface dev='eth12'/>
<interface dev='eth18'/>
<interface dev='eth20'/>
</forward>
However with an ethernet card with 64 VF's or more, the above method
gets tedious on the system.
On the other hand, just parameterizing a string (eth%d) is inadequate,
eg, when there are multiple non-contiguous ranges.
Proposed Method:
The 4 patches provided:
i) Introduce a new element 'pf' to implicitly create an interface pool
of all the Virtual Functions attached to the specified Physical
Function.
ii) Modify the networkAllocateActualDevice, networkNotifyActualDevice
and networkReleaseActualDevice API to use the above mentioned interface
pool in the passthrough mode.
iii) Allow virsh net-dumpxml to use an option --inactive to
differentiate between explicit and implicit interface pools
Hence Libvirt will now support both the methods mentioned below:
* Explicit interface list. App inputs:
<forward mode='passthrough'>
<interface dev='eth10'/>
<interface dev='eth11'/>
<interface dev='eth12'/>
<interface dev='eth13'/>
</forward>
libvirt does not change XML
* Automatically interface list from PF. App inputs:
<forward mode='passthrough'>
<pf dev='eth0'/>
</forward>
libvirt expands XML to be
<forward mode='passthrough'>
<pf dev='eth0'/>
<interface dev='eth10'/>
<interface dev='eth11'/>
<interface dev='eth12'/>
<interface dev='eth13'/>
</forward>
In the above case we need to differentiate between the implicit and
explicit interface pool, which can be done by comparing the dumpxml from
active and inactive domains.
This will need the addition of the flag VIR_NETWORK_XML_INACTIVE to
virNetworkGetXMLDesc().
This patch series supports the use of option --inactive with virsh
net-dumpxml.
Shradha Shah (5):
Added function pciSysfsFile to enable access to the PCI SYSFS files.
Added Function virNetDevGetVirtualFunctions
Adding the element pf to network xml.
Functionality to implicitly get interface pool from SR-IOV PF.
Added new option to virsh net-dumpxml called --inactive
docs/schemas/network.rng | 7 +++
include/libvirt/libvirt.h.in | 4 ++
src/conf/network_conf.c | 79 +++++++++++++++++++++++++++++++---
src/conf/network_conf.h | 5 ++-
src/network/bridge_driver.c | 97 ++++++++++++++++++++++++++++++++---------
src/test/test_driver.c | 2 +-
src/util/pci.c | 39 +++++++++++++++++
src/util/pci.h | 7 +++
src/util/virnetdev.c | 83 ++++++++++++++++++++++++++++++++++++
src/util/virnetdev.h | 6 +++
src/vbox/vbox_tmpl.c | 2 +-
tests/networkxml2xmltest.c | 2 +-
tools/virsh.c | 13 +++++-
13 files changed, 311 insertions(+), 35 deletions(-)
--
1.7.4.4
12 years, 11 months
[libvirt] [PATCH] Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
When sVirt is integrated with the LXC driver, it will be neccessary
to invoke the security driver APIs using only a virDomainDefPtr
since the lxc_container.c code has no virDomainObjPtr available.
Aside from two functions which want obj->pid, every bit of the
security driver code only touches obj->def. So we don't need to
pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
is sufficient. Two functions also gain a 'pid_t pid' argument.
* src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
src/security/security_apparmor.c,
src/security/security_dac.c,
src/security/security_driver.h,
src/security/security_manager.c,
src/security/security_manager.h,
src/security/security_nop.c,
src/security/security_selinux.c,
src/security/security_stack.c: Change all security APIs to use a
virDomainDefPtr instead of virDomainObjPtr
---
src/qemu/qemu_driver.c | 10 +-
src/qemu/qemu_hotplug.c | 28 ++--
src/qemu/qemu_migration.c | 12 +-
src/qemu/qemu_process.c | 24 ++--
src/security/security_apparmor.c | 136 ++++++++++----------
src/security/security_dac.c | 91 +++++++-------
src/security/security_driver.h | 36 +++---
src/security/security_manager.c | 40 +++---
src/security/security_manager.h | 36 +++---
src/security/security_nop.c | 36 +++---
src/security/security_selinux.c | 260 +++++++++++++++++++-------------------
src/security/security_stack.c | 44 ++++---
12 files changed, 381 insertions(+), 372 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6cfdd1d..6e001ce 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3096,7 +3096,7 @@ qemuDomainScreenshot(virDomainPtr dom,
}
unlink_tmp = true;
- virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp);
qemuDomainObjEnterMonitor(driver, vm);
if (qemuMonitorScreendump(priv->mon, tmp) < 0) {
@@ -3868,7 +3868,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
*/
if (virDomainObjIsActive(vm)) {
if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm, seclabel) < 0) {
+ vm->def, vm->pid, seclabel) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Failed to get security label"));
goto cleanup;
@@ -4167,7 +4167,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
out:
virCommandFree(cmd);
if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
VIR_WARN("failed to restore save state label on %s", path);
return ret;
@@ -7584,7 +7584,7 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto endjob;
}
- virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp);
+ virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp);
priv = vm->privateData;
qemuDomainObjEnterMonitor(driver, vm);
@@ -9064,7 +9064,7 @@ qemuDomainSnapshotCreateSingleDiskActive(struct qemud_driver *driver,
if (virDomainLockDiskAttach(driver->lockManager, vm, disk) < 0)
goto cleanup;
- if (virSecurityManagerSetImageLabel(driver->securityManager, vm,
+ if (virSecurityManagerSetImageLabel(driver->securityManager, vm->def,
disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", source);
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 96c0070..684fede 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -88,7 +88,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -120,7 +120,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver,
goto error;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, origdisk) < 0)
+ vm->def, origdisk) < 0)
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, origdisk) < 0)
@@ -141,7 +141,7 @@ error:
VIR_FREE(driveAlias);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on new media %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -209,7 +209,7 @@ int qemuDomainAttachPciDiskDevice(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -283,7 +283,7 @@ error:
VIR_WARN("Unable to release PCI address on %s", disk->src);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -439,7 +439,7 @@ int qemuDomainAttachSCSIDisk(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -530,7 +530,7 @@ error:
VIR_FREE(drivestr);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -562,7 +562,7 @@ int qemuDomainAttachUsbMassstorageDevice(virConnectPtr conn,
return -1;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm, disk) < 0) {
+ vm->def, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
return -1;
@@ -623,7 +623,7 @@ error:
VIR_FREE(drivestr);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, disk) < 0)
+ vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
@@ -1112,7 +1112,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver,
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
- vm, hostdev) < 0)
+ vm->def, hostdev) < 0)
return -1;
switch (hostdev->source.subsys.type) {
@@ -1139,7 +1139,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver,
error:
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
- vm, hostdev) < 0)
+ vm->def, hostdev) < 0)
VIR_WARN("Unable to restore host device labelling on hotplug fail");
return -1;
@@ -1572,7 +1572,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
virDomainDiskDefFree(detach);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, dev->data.disk) < 0)
+ vm->def, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
@@ -1654,7 +1654,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver,
virDomainDiskDefFree(detach);
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm, dev->data.disk) < 0)
+ vm->def, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
@@ -2162,7 +2162,7 @@ int qemuDomainDetachHostDevice(struct qemud_driver *driver,
}
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
- vm, dev->data.hostdev) < 0)
+ vm->def, dev->data.hostdev) < 0)
VIR_WARN("Failed to restore host device labelling");
return ret;
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 8ae989a..b3ef894 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1749,13 +1749,13 @@ static int doNativeMigrate(struct qemud_driver *driver,
virReportOOMError();
goto cleanup;
}
- if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0)
+ if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0)
goto cleanup;
if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) {
spec.dest.fd.qemu = virNetSocketDupFD(sock, true);
virNetSocketFree(sock);
}
- if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 ||
+ if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 ||
spec.dest.fd.qemu == -1)
goto cleanup;
} else {
@@ -1822,7 +1822,7 @@ static int doTunnelMigrate(struct qemud_driver *driver,
spec.dest.fd.local = fds[0];
}
if (spec.dest.fd.qemu == -1 ||
- virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
+ virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
spec.dest.fd.qemu) < 0) {
virReportSystemError(errno, "%s",
_("cannot create pipe for tunnelled migration"));
@@ -2842,7 +2842,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
* doesn't have to open() the file, so while we still have to
* grant SELinux access, we can do it on fd and avoid cleanup
* later, as well as skip futzing with cgroup. */
- if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm,
+ if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
compressor ? pipeFD[1] : fd) < 0)
goto cleanup;
bypassSecurityDriver = true;
@@ -2876,7 +2876,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
}
if ((!bypassSecurityDriver) &&
virSecurityManagerSetSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
goto cleanup;
restoreLabel = true;
}
@@ -2951,7 +2951,7 @@ cleanup:
virCommandFree(cmd);
if (restoreLabel && (!bypassSecurityDriver) &&
virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
- vm, path) < 0)
+ vm->def, path) < 0)
VIR_WARN("failed to restore save state label on %s", path);
if (cgroup != NULL) {
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2563f97..58ce333 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -839,7 +839,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
qemuMonitorPtr mon = NULL;
if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
- vm) < 0) {
+ vm->def) < 0) {
VIR_ERROR(_("Failed to set security context for monitor for %s"),
vm->def->name);
goto error;
@@ -872,7 +872,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
}
priv->mon = mon;
- if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0) {
+ if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) {
VIR_ERROR(_("Failed to clear security context for monitor for %s"),
vm->def->name);
goto error;
@@ -2163,7 +2163,7 @@ static int qemuProcessHook(void *data)
* sockets the lock driver opens that we don't want
* labelled. So far we're ok though.
*/
- if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (virDomainLockProcessStart(h->driver->lockManager,
h->vm,
@@ -2171,7 +2171,7 @@ static int qemuProcessHook(void *data)
true,
&fd) < 0)
goto cleanup;
- if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (qemuProcessLimits(h->driver) < 0)
@@ -2194,7 +2194,7 @@ static int qemuProcessHook(void *data)
return -1;
VIR_DEBUG("Setting up security labelling");
- if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm) < 0)
+ if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
ret = 0;
@@ -2656,7 +2656,7 @@ qemuProcessReconnect(void *opaque)
goto error;
}
- if (virSecurityManagerReserveLabel(driver->securityManager, obj) < 0)
+ if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
goto error;
if (qemuProcessNotifyNets(obj->def) < 0)
@@ -2894,7 +2894,7 @@ int qemuProcessStart(virConnectPtr conn,
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
- if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) {
+ if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
virDomainAuditSecurityLabel(vm, false);
goto cleanup;
}
@@ -3128,7 +3128,7 @@ int qemuProcessStart(virConnectPtr conn,
VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm, stdin_path) < 0)
+ vm->def, stdin_path) < 0)
goto cleanup;
if (stdin_fd != -1) {
@@ -3145,7 +3145,7 @@ int qemuProcessStart(virConnectPtr conn,
goto cleanup;
}
if (S_ISFIFO(stdin_sb.st_mode) &&
- virSecurityManagerSetImageFDLabel(driver->securityManager, vm, stdin_fd) < 0)
+ virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, stdin_fd) < 0)
goto cleanup;
}
@@ -3398,8 +3398,8 @@ void qemuProcessStop(struct qemud_driver *driver,
/* Reset Security Labels */
virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm, migrated);
- virSecurityManagerReleaseLabel(driver->securityManager, vm);
+ vm->def, migrated);
+ virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -3548,7 +3548,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm, seclabel) < 0)
+ vm->def, vm->pid, seclabel) < 0)
goto cleanup;
if (!(vm->def->seclabel.model = strdup(driver->caps->host.secModel.model)))
goto no_memory;
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 299dcc6..4848d85 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -47,7 +47,7 @@
/* Data structure to pass to *FileIterate so we have everything we need */
struct SDPDOP {
virSecurityManagerPtr mgr;
- virDomainObjPtr vm;
+ virDomainDefPtr def;
};
/*
@@ -159,7 +159,7 @@ profile_status_file(const char *str)
static int
load_profile(virSecurityManagerPtr mgr,
const char *profile,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *fn,
bool append)
{
@@ -170,7 +170,7 @@ load_profile(virSecurityManagerPtr mgr,
const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
? "1" : "0";
- xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
+ xml = virDomainDefFormat(def, VIR_DOMAIN_XML_SECURE);
if (!xml)
goto clean;
@@ -212,12 +212,12 @@ remove_profile(const char *profile)
}
static char *
-get_profile_name(virDomainObjPtr vm)
+get_profile_name(virDomainDefPtr def)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *name = NULL;
- virUUIDFormat(vm->def->uuid, uuidstr);
+ virUUIDFormat(def->uuid, uuidstr);
if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) {
virReportOOMError();
return NULL;
@@ -257,23 +257,23 @@ cleanup:
*/
static int
reload_profile(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *fn,
bool append)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name = NULL;
if (secdef->norelabel)
return 0;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(mgr, secdef->imagelabel, vm, fn, append) < 0) {
+ if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -294,10 +294,10 @@ AppArmorSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
struct SDPDOP *ptr = opaque;
- virDomainObjPtr vm = ptr->vm;
+ virDomainDefPtr def = ptr->def;
- if (reload_profile(ptr->mgr, vm, file, true) < 0) {
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (reload_profile(ptr->mgr, def, file, true) < 0) {
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -312,10 +312,10 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
struct SDPDOP *ptr = opaque;
- virDomainObjPtr vm = ptr->vm;
+ virDomainDefPtr def = ptr->def;
- if (reload_profile(ptr->mgr, vm, file, true) < 0) {
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (reload_profile(ptr->mgr, def, file, true) < 0) {
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
@@ -390,56 +390,56 @@ AppArmorSecurityManagerGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
*/
static int
AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
int rc = -1;
char *profile_name = NULL;
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
- if (vm->def->seclabel.baselabel) {
+ if (def->seclabel.baselabel) {
virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("Cannot set a base label with AppArmour"));
return rc;
}
- if ((vm->def->seclabel.label) ||
- (vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
+ if ((def->seclabel.label) ||
+ (def->seclabel.model) || (def->seclabel.imagelabel)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s",
_("security label already defined for VM"));
return rc;
}
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
- vm->def->seclabel.label = strndup(profile_name, strlen(profile_name));
- if (!vm->def->seclabel.label) {
+ def->seclabel.label = strndup(profile_name, strlen(profile_name));
+ if (!def->seclabel.label) {
virReportOOMError();
goto clean;
}
/* set imagelabel the same as label (but we won't use it) */
- vm->def->seclabel.imagelabel = strndup(profile_name,
+ def->seclabel.imagelabel = strndup(profile_name,
strlen(profile_name));
- if (!vm->def->seclabel.imagelabel) {
+ if (!def->seclabel.imagelabel) {
virReportOOMError();
goto err;
}
- vm->def->seclabel.model = strdup(SECURITY_APPARMOR_NAME);
- if (!vm->def->seclabel.model) {
+ def->seclabel.model = strdup(SECURITY_APPARMOR_NAME);
+ if (!def->seclabel.model) {
virReportOOMError();
goto err;
}
/* Now that we have a label, load the profile into the kernel. */
- if (load_profile(mgr, vm->def->seclabel.label, vm, NULL, false) < 0) {
+ if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot load AppArmor profile "
- "\'%s\'"), vm->def->seclabel.label);
+ "\'%s\'"), def->seclabel.label);
goto err;
}
@@ -447,9 +447,9 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
goto clean;
err:
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
- VIR_FREE(vm->def->seclabel.model);
+ VIR_FREE(def->seclabel.label);
+ VIR_FREE(def->seclabel.imagelabel);
+ VIR_FREE(def->seclabel.model);
clean:
VIR_FREE(profile_name);
@@ -459,15 +459,15 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm, const char *stdin_path)
+ virDomainDefPtr def, const char *stdin_path)
{
- if (vm->def->seclabel.norelabel)
+ if (def->seclabel.norelabel)
return 0;
/* Reload the profile if stdin_path is specified. Note that
GenSecurityLabel() will have already been run. */
if (stdin_path)
- return reload_profile(mgr, vm, stdin_path, true);
+ return reload_profile(mgr, def, stdin_path, true);
return 0;
}
@@ -477,13 +477,14 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
*/
static int
AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec)
{
int rc = -1;
char *profile_name = NULL;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
if (virStrcpy(sec->label, profile_name,
@@ -511,9 +512,9 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
*/
static int
AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
VIR_FREE(secdef->model);
VIR_FREE(secdef->label);
@@ -525,10 +526,10 @@ AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = 0;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -545,13 +546,13 @@ AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
* LOCALSTATEDIR/log/libvirt/qemu/<vm name>.log
*/
static int
-AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
+AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name = NULL;
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -579,21 +580,21 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
static int
AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int
AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -602,18 +603,18 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
/* Called when hotplugging */
static int
AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
/* Called when hotplugging */
static int
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm, virDomainDiskDefPtr disk)
+ virDomainDefPtr def, virDomainDiskDefPtr disk)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int rc = -1;
char *profile_name;
@@ -631,12 +632,12 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
return rc;
}
- if ((profile_name = get_profile_name(vm)) == NULL)
+ if ((profile_name = get_profile_name(def)) == NULL)
return rc;
/* update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(mgr, secdef->imagelabel, vm, disk->src,
+ if (load_profile(mgr, secdef->imagelabel, def, disk->src,
false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
@@ -673,7 +674,8 @@ AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
/* NOOP. Nothing to reserve with AppArmor */
return 0;
@@ -681,11 +683,11 @@ AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
struct SDPDOP *ptr;
int ret = -1;
@@ -701,7 +703,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
if (VIR_ALLOC(ptr) < 0)
return -1;
ptr->mgr = mgr;
- ptr->vm = vm;
+ ptr->def = def;
switch (dev->source.subsys.type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
@@ -743,44 +745,44 @@ done:
static int
AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
static int
AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- return reload_profile(mgr, vm, savefile, true);
+ return reload_profile(mgr, def, savefile, true);
}
static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile ATTRIBUTE_UNUSED)
{
- return reload_profile(mgr, vm, NULL, false);
+ return reload_profile(mgr, def, NULL, false);
}
static int
AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd)
{
int rc = -1;
char *proc = NULL;
char *fd_path = NULL;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->imagelabel == NULL)
return 0;
@@ -796,7 +798,7 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
return rc;
}
- return reload_profile(mgr, vm, fd_path, true);
+ return reload_profile(mgr, def, fd_path, true);
}
virSecurityDriver virAppArmorSecurityDriver = {
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0e75319..9c0017b 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -171,7 +171,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
@@ -190,7 +190,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk,
int migrated)
{
@@ -235,10 +235,10 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- return virSecurityDACRestoreSecurityImageLabelInt(mgr, vm, disk, 0);
+ return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk, 0);
}
@@ -268,7 +268,7 @@ virSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -338,7 +338,7 @@ virSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
@@ -489,7 +489,7 @@ virSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -501,34 +501,34 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
VIR_DEBUG("Restoring security label on %s migrated=%d",
- vm->def->name, migrated);
+ def->name, migrated);
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
rc = -1;
}
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
if (virSecurityDACRestoreSecurityImageLabelInt(mgr,
- vm,
- vm->def->disks[i],
+ def,
+ def->disks[i],
migrated) < 0)
rc = -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
false,
virSecurityDACRestoreChardevCallback,
mgr) < 0)
rc = -1;
- if (vm->def->os.kernel &&
- virSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ if (def->os.kernel &&
+ virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1;
- if (vm->def->os.initrd &&
- virSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ if (def->os.initrd &&
+ virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
return rc;
@@ -548,7 +548,7 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *stdin_path ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -557,36 +557,36 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
if (!priv->dynamicOwnership)
return 0;
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
- if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
+ if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
continue;
if (virSecurityDACSetSecurityImageLabel(mgr,
- vm,
- vm->def->disks[i]) < 0)
+ def,
+ def->disks[i]) < 0)
return -1;
}
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (virSecurityDACSetSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
return -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
true,
virSecurityDACSetChardevCallback,
mgr) < 0)
return -1;
- if (vm->def->os.kernel &&
- virSecurityDACSetOwnership(vm->def->os.kernel,
+ if (def->os.kernel &&
+ virSecurityDACSetOwnership(def->os.kernel,
priv->user,
priv->group) < 0)
return -1;
- if (vm->def->os.initrd &&
- virSecurityDACSetOwnership(vm->def->os.initrd,
+ if (def->os.initrd &&
+ virSecurityDACSetOwnership(def->os.initrd,
priv->user,
priv->group) < 0)
return -1;
@@ -597,7 +597,7 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
const char *savefile)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -608,7 +608,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
const char *savefile)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -622,11 +622,11 @@ virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- VIR_DEBUG("Dropping privileges of VM to %u:%u",
+ VIR_DEBUG("Dropping privileges of DEF to %u:%u",
(unsigned int) priv->user, (unsigned int) priv->group);
if (virSetUIDGID(priv->user, priv->group) < 0)
@@ -645,28 +645,30 @@ virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACGenLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACReleaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACReserveLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED,
virSecurityLabelPtr seclabel ATTRIBUTE_UNUSED)
{
return 0;
@@ -674,7 +676,7 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -682,7 +684,7 @@ virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -690,20 +692,19 @@ virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED)
{
return 0;
}
-
virSecurityDriver virSecurityDriverDAC = {
sizeof(virSecurityDACData),
"virDAC",
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index aea90b0..f0ace1c 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -39,50 +39,52 @@ typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr vm);
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec,
+ pid_t pid);
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr sec,
+ virDomainDefPtr sec,
const char *stdin_path);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated);
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec);
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
virDomainDefPtr def);
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd);
struct _virSecurityDriver {
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index cae9b83..2e4956a 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -150,7 +150,7 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
}
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
if (mgr->drv->domainRestoreSecurityImageLabel)
@@ -161,7 +161,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecurityDaemonSocketLabel)
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
@@ -171,7 +171,7 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecuritySocketLabel)
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
@@ -181,7 +181,7 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainClearSecuritySocketLabel)
return mgr->drv->domainClearSecuritySocketLabel(mgr, vm);
@@ -191,7 +191,7 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
if (mgr->drv->domainSetSecurityImageLabel)
@@ -202,7 +202,7 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
if (mgr->drv->domainRestoreSecurityHostdevLabel)
@@ -213,7 +213,7 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
if (mgr->drv->domainSetSecurityHostdevLabel)
@@ -224,7 +224,7 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
if (mgr->drv->domainSetSavedStateLabel)
@@ -235,7 +235,7 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
if (mgr->drv->domainRestoreSavedStateLabel)
@@ -246,7 +246,7 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainGenSecurityLabel)
return mgr->drv->domainGenSecurityLabel(mgr, vm);
@@ -256,17 +256,18 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm,
+ pid_t pid)
{
if (mgr->drv->domainReserveSecurityLabel)
- return mgr->drv->domainReserveSecurityLabel(mgr, vm);
+ return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainReleaseSecurityLabel)
return mgr->drv->domainReleaseSecurityLabel(mgr, vm);
@@ -276,7 +277,7 @@ int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *stdin_path)
{
if (mgr->drv->domainSetSecurityAllLabel)
@@ -287,7 +288,7 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int migrated)
{
if (mgr->drv->domainRestoreSecurityAllLabel)
@@ -298,18 +299,19 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
}
int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
+ pid_t pid,
virSecurityLabelPtr sec)
{
if (mgr->drv->domainGetSecurityProcessLabel)
- return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, sec);
+ return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
if (mgr->drv->domainSetSecurityProcessLabel)
return mgr->drv->domainSetSecurityProcessLabel(mgr, vm);
@@ -337,7 +339,7 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
}
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int fd)
{
if (mgr->drv->domainSetSecurityImageFDLabel)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 12cd498..6731d59 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -51,50 +51,52 @@ const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr vm);
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk);
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev);
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile);
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec,
+ pid_t pid);
int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec);
+ virDomainDefPtr sec);
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr sec,
+ virDomainDefPtr sec,
const char *stdin_path);
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated);
int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
+ pid_t pid,
virSecurityLabelPtr sec);
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm);
+ virDomainDefPtr def);
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def);
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd);
#endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index a68a6c0..c3bd426 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -47,104 +47,106 @@ static const char * virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATTRIBU
}
static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
const char *savefile ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
const char *savefile ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainReserveLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainReleaseLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED)
+ virDomainDefPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED,
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
const char *stdin_path ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainRestoreAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
int migrated ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainGetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED,
virSecurityLabelPtr sec ATTRIBUTE_UNUSED)
{
return 0;
}
static int virSecurityDomainSetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+ virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
return 0;
}
@@ -156,7 +158,7 @@ static int virSecurityDomainVerifyNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED
}
static int virSecurityDomainSetFDLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr sec ATTRIBUTE_UNUSED,
+ virDomainDefPtr sec ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED)
{
return 0;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 78c0d45..8b7c0ed 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -162,7 +162,7 @@ SELinuxInitialize(void)
static int
SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
int rc = -1;
char *mcs = NULL;
@@ -171,40 +171,40 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
int c2 = 0;
context_t ctx = NULL;
- if ((vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
- !vm->def->seclabel.baselabel &&
- vm->def->seclabel.model) {
+ if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
+ !def->seclabel.baselabel &&
+ def->seclabel.model) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security model already defined for VM"));
return rc;
}
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- vm->def->seclabel.label) {
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM"));
return rc;
}
- if (vm->def->seclabel.imagelabel) {
+ if (def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security image label already defined for VM"));
return rc;
}
- if (vm->def->seclabel.model &&
- STRNEQ(vm->def->seclabel.model, SECURITY_SELINUX_NAME)) {
+ if (def->seclabel.model &&
+ STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label model %s is not supported with selinux"),
- vm->def->seclabel.model);
+ def->seclabel.model);
return rc;
}
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
- if (!(ctx = context_new(vm->def->seclabel.label)) ) {
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
+ if (!(ctx = context_new(def->seclabel.label)) ) {
virReportSystemError(errno,
_("unable to allocate socket security context '%s'"),
- vm->def->seclabel.label);
+ def->seclabel.label);
return rc;
}
@@ -237,25 +237,25 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
}
} while (mcsAdd(mcs) == -1);
- vm->def->seclabel.label =
- SELinuxGenNewContext(vm->def->seclabel.baselabel ?
- vm->def->seclabel.baselabel :
+ def->seclabel.label =
+ SELinuxGenNewContext(def->seclabel.baselabel ?
+ def->seclabel.baselabel :
default_domain_context, mcs);
- if (! vm->def->seclabel.label) {
+ if (! def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
}
- vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
- if (!vm->def->seclabel.imagelabel) {
+ def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
+ if (!def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
- if (!vm->def->seclabel.model &&
- !(vm->def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
+ if (!def->seclabel.model &&
+ !(def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
virReportOOMError();
goto cleanup;
}
@@ -264,12 +264,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
cleanup:
if (rc != 0) {
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
- VIR_FREE(vm->def->seclabel.label);
- VIR_FREE(vm->def->seclabel.imagelabel);
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
- !vm->def->seclabel.baselabel)
- VIR_FREE(vm->def->seclabel.model);
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
+ VIR_FREE(def->seclabel.label);
+ VIR_FREE(def->seclabel.imagelabel);
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabel.baselabel)
+ VIR_FREE(def->seclabel.model);
}
if (ctx)
@@ -278,28 +278,29 @@ cleanup:
VIR_FREE(mcs);
VIR_DEBUG("model=%s label=%s imagelabel=%s baselabel=%s",
- NULLSTR(vm->def->seclabel.model),
- NULLSTR(vm->def->seclabel.label),
- NULLSTR(vm->def->seclabel.imagelabel),
- NULLSTR(vm->def->seclabel.baselabel));
+ NULLSTR(def->seclabel.model),
+ NULLSTR(def->seclabel.label),
+ NULLSTR(def->seclabel.imagelabel),
+ NULLSTR(def->seclabel.baselabel));
return rc;
}
static int
SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def,
+ pid_t pid)
{
security_context_t pctx;
context_t ctx = NULL;
const char *mcs;
- if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+ if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
- if (getpidcon(vm->pid, &pctx) == -1) {
+ if (getpidcon(pid, &pctx) == -1) {
virReportSystemError(errno,
- _("unable to get PID %d security context"), vm->pid);
+ _("unable to get PID %d security context"), pid);
return -1;
}
@@ -360,15 +361,16 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNU
static int
SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid,
virSecurityLabelPtr sec)
{
security_context_t ctx;
- if (getpidcon(vm->pid, &ctx) == -1) {
+ if (getpidcon(pid, &ctx) == -1) {
virReportSystemError(errno,
_("unable to get PID %d security context"),
- vm->pid);
+ pid);
return -1;
}
@@ -543,11 +545,11 @@ err:
static int
SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk,
int migrated)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -588,10 +590,10 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- return SELinuxRestoreSecurityImageLabelInt(mgr, vm, disk, 0);
+ return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
}
@@ -626,11 +628,11 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
static int
SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
bool allowDiskFormatProbing = virSecurityManagerGetAllowDiskFormatProbing(mgr);
if (secdef->norelabel)
@@ -648,8 +650,8 @@ static int
SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
- virDomainObjPtr vm = opaque;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ virDomainDefPtr def = opaque;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel);
}
@@ -658,19 +660,19 @@ static int
SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque)
{
- virDomainObjPtr vm = opaque;
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ virDomainDefPtr def = opaque;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel);
}
static int
SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int ret = -1;
if (secdef->norelabel)
@@ -687,7 +689,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def);
usbFreeDevice(usb);
break;
}
@@ -701,7 +703,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def);
pciFreeDevice(pci);
break;
@@ -735,11 +737,11 @@ SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
virDomainHostdevDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int ret = -1;
if (secdef->norelabel)
@@ -788,11 +790,11 @@ done:
static int
-SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
+SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
char *in = NULL, *out = NULL;
int ret = -1;
@@ -834,11 +836,11 @@ done:
}
static int
-SELinuxRestoreSecurityChardevLabel(virDomainObjPtr vm,
+SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
char *in = NULL, *out = NULL;
int ret = -1;
@@ -882,27 +884,24 @@ done:
static int
-SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
-
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxRestoreSecurityChardevLabel(vm, &dev->source);
+ return SELinuxRestoreSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
const char *database;
switch (dev->type) {
@@ -916,7 +915,7 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
return SELinuxRestoreSecurityFileLabel(database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxRestoreSecurityChardevLabel(vm, &dev->data.passthru);
+ return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -931,50 +930,50 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int i;
int rc = 0;
- VIR_DEBUG("Restoring security label on %s", vm->def->name);
+ VIR_DEBUG("Restoring security label on %s", def->name);
if (secdef->norelabel)
return 0;
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxRestoreSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
rc = -1;
}
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
if (SELinuxRestoreSecurityImageLabelInt(mgr,
- vm,
- vm->def->disks[i],
+ def,
+ def->disks[i],
migrated) < 0)
rc = -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
false,
SELinuxRestoreSecurityChardevCallback,
- vm) < 0)
+ NULL) < 0)
rc = -1;
- if (virDomainSmartcardDefForeach(vm->def,
+ if (virDomainSmartcardDefForeach(def,
false,
SELinuxRestoreSecuritySmartcardCallback,
- vm) < 0)
+ NULL) < 0)
rc = -1;
- if (vm->def->os.kernel &&
- SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ if (def->os.kernel &&
+ SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1;
- if (vm->def->os.initrd &&
- SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ if (def->os.initrd &&
+ SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
return rc;
@@ -982,9 +981,9 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if (secdef->label != NULL) {
@@ -1006,10 +1005,10 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -1020,10 +1019,10 @@ SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *savefile)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
@@ -1058,12 +1057,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int
SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1089,16 +1088,16 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
static int
SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
context_t execcon = NULL;
context_t proccon = NULL;
security_context_t scon = NULL;
int rc = -1;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1139,7 +1138,7 @@ SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
}
VIR_DEBUG("Setting VM %s socket context %s",
- vm->def->name, context_str(proccon));
+ def->name, context_str(proccon));
if (setsockcreatecon(context_str(proccon)) == -1) {
virReportSystemError(errno,
_("unable to set socket security context '%s'"),
@@ -1160,9 +1159,9 @@ done:
static int
SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &vm->seclabel;
int rc = -1;
if (secdef->label == NULL)
@@ -1178,7 +1177,7 @@ SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
}
VIR_DEBUG("Setting VM %s socket context %s",
- vm->def->name, secdef->label);
+ vm->name, secdef->label);
if (setsockcreatecon(secdef->label) == -1) {
virReportSystemError(errno,
_("unable to set socket security context '%s'"),
@@ -1197,12 +1196,12 @@ done:
static int
SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
- if (vm->def->seclabel.label == NULL)
+ if (def->seclabel.label == NULL)
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1227,27 +1226,24 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
static int
-SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
-
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxSetSecurityChardevLabel(vm, &dev->source);
+ return SELinuxSetSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
- void *opaque)
+ void *opaque ATTRIBUTE_UNUSED)
{
- virDomainObjPtr vm = opaque;
const char *database;
switch (dev->type) {
@@ -1261,7 +1257,7 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
return SELinuxSetFilecon(database, default_content_context);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxSetSecurityChardevLabel(vm, &dev->data.passthru);
+ return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1276,53 +1272,53 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
static int
SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
const char *stdin_path)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
int i;
if (secdef->norelabel)
return 0;
- for (i = 0 ; i < vm->def->ndisks ; i++) {
+ for (i = 0 ; i < def->ndisks ; i++) {
/* XXX fixme - we need to recursively label the entire tree :-( */
- if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) {
+ if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) {
VIR_WARN("Unable to relabel directory tree %s for disk %s",
- vm->def->disks[i]->src, vm->def->disks[i]->dst);
+ def->disks[i]->src, def->disks[i]->dst);
continue;
}
if (SELinuxSetSecurityImageLabel(mgr,
- vm, vm->def->disks[i]) < 0)
+ def, def->disks[i]) < 0)
return -1;
}
- /* XXX fixme process vm->def->fss if relabel == true */
+ /* XXX fixme process def->fss if relabel == true */
- for (i = 0 ; i < vm->def->nhostdevs ; i++) {
+ for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxSetSecurityHostdevLabel(mgr,
- vm,
- vm->def->hostdevs[i]) < 0)
+ def,
+ def->hostdevs[i]) < 0)
return -1;
}
- if (virDomainChrDefForeach(vm->def,
+ if (virDomainChrDefForeach(def,
true,
SELinuxSetSecurityChardevCallback,
- vm) < 0)
+ NULL) < 0)
return -1;
- if (virDomainSmartcardDefForeach(vm->def,
+ if (virDomainSmartcardDefForeach(def,
true,
SELinuxSetSecuritySmartcardCallback,
- vm) < 0)
+ NULL) < 0)
return -1;
- if (vm->def->os.kernel &&
- SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
+ if (def->os.kernel &&
+ SELinuxSetFilecon(def->os.kernel, default_content_context) < 0)
return -1;
- if (vm->def->os.initrd &&
- SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
+ if (def->os.initrd &&
+ SELinuxSetFilecon(def->os.initrd, default_content_context) < 0)
return -1;
if (stdin_path) {
@@ -1337,10 +1333,10 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+ virDomainDefPtr def,
int fd)
{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->imagelabel == NULL)
return 0;
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 3f601c1..c82865f 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -106,7 +106,7 @@ virSecurityStackVerify(virSecurityManagerPtr mgr,
static int
virSecurityStackGenLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -131,7 +131,7 @@ virSecurityStackGenLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -150,16 +150,17 @@ virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm,
+ pid_t pid)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
- if (virSecurityManagerReserveLabel(priv->primary, vm) < 0)
+ if (virSecurityManagerReserveLabel(priv->primary, vm, pid) < 0)
rc = -1;
#if 0
/* XXX See note in GenLabel */
- if (virSecurityManagerReserveLabel(priv->secondary, vm) < 0)
+ if (virSecurityManagerReserveLabel(priv->secondary, vm, pid) < 0)
rc = -1;
#endif
@@ -169,7 +170,7 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -186,7 +187,7 @@ virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -203,7 +204,7 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -221,7 +222,7 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
virDomainHostdevDefPtr dev)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -238,7 +239,7 @@ virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *stdin_path)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -255,7 +256,7 @@ virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int migrated)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -272,7 +273,7 @@ virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -289,7 +290,7 @@ virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
const char *savefile)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -306,7 +307,7 @@ virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -321,17 +322,18 @@ virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
+ pid_t pid,
virSecurityLabelPtr seclabel)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
#if 0
- if (virSecurityManagerGetProcessLabel(priv->secondary, vm, seclabel) < 0)
+ if (virSecurityManagerGetProcessLabel(priv->secondary, vm, pid, seclabel) < 0)
rc = -1;
#endif
- if (virSecurityManagerGetProcessLabel(priv->primary, vm, seclabel) < 0)
+ if (virSecurityManagerGetProcessLabel(priv->primary, vm, pid, seclabel) < 0)
rc = -1;
return rc;
@@ -340,7 +342,7 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -356,7 +358,7 @@ virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -372,7 +374,7 @@ virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm)
+ virDomainDefPtr vm)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
@@ -387,7 +389,7 @@ virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
+ virDomainDefPtr vm,
int fd)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
--
1.7.6.4
12 years, 11 months
[libvirt] [PATCH v2] Add new attribute writeout to <filesystem> element
by Deepak C Shetty
This introduces new attribute writeout with only supported
value as immediate. This will be an optional
attribute with no defaults. This helps specify whether
to skip the host page cache.
When writeout is specified, meaning when writeout=immediate
a writeback is explicitly initiated for the dirty pages in
the host page cache as part of the guest file write operation.
Usage:
<filesystem type='mount' accessmode='passthrough' writeout='immediate'>
<source dir='/export/to/guest'/>
<target dir='mount_tag'/>
</filesystem>
Currently this only works with type='mount' for the QEMU/KVM driver.
Signed-off-by: Deepak C Shetty <deepakcs(a)linux.vnet.ibm.com>
---
v2:
- added writeout as a qemu cap
- cosmetic changes in comments
- moved to using VIR_ERR_CONFIG_UNSUPPORTED
- corrected doc
docs/formatdomain.html.in | 9 ++++++++-
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 29 +++++++++++++++++++++++++++--
src/conf/domain_conf.h | 10 ++++++++++
src/qemu/qemu_capabilities.c | 3 +++
src/qemu/qemu_capabilities.h | 5 +++--
src/qemu/qemu_command.c | 14 ++++++++++++++
7 files changed, 70 insertions(+), 5 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 9cf0f12..93f754a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1303,7 +1303,7 @@
<source name='my-vm-template'/>
<target dir='/'/>
</filesystem>
- <filesystem type='mount' accessmode='passthrough'>
+ <filesystem type='mount' accessmode='passthrough' writeout='immediate'>
<driver type='path'/>
<source dir='/export/to/guest'/>
<target dir='/import/from/host'/>
@@ -1379,6 +1379,13 @@
</dd>
</dl>
+ The filesystem block has an optional attribute <code>writeout</code> with the only
+ supported value as <code>immediate</code>. It helps specify whether to skip the host page cache.
+ When writeout is specified, meaning when writeout=immediate a writeback is explicitly initiated
+ for the dirty pages in the host page cache as part of the guest file write operation.
+ When this attribute is not specified, there are no defaults, meaning explicit writeback won't
+ be initiated.
+
</dd>
<dt><code>source</code></dt>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 553a6f0..0b37f05 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1106,6 +1106,11 @@
<value>squash</value>
</choice>
</attribute>
+ <attribute name="writeout">
+ <choice>
+ <value>immediate</value>
+ </choice>
+ </attribute>
</optional>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 495ed33..a548b90 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -257,6 +257,9 @@ VIR_ENUM_IMPL(virDomainFSAccessMode, VIR_DOMAIN_FS_ACCESSMODE_LAST,
"mapped",
"squash")
+VIR_ENUM_IMPL(virDomainFSWriteout, VIR_DOMAIN_FS_WRITEOUT_LAST,
+ "default",
+ "immediate")
VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST,
"user",
@@ -3297,6 +3300,7 @@ virDomainFSDefParseXML(xmlNodePtr node,
char *source = NULL;
char *target = NULL;
char *accessmode = NULL;
+ char *writeout = NULL;
if (VIR_ALLOC(def) < 0) {
virReportOOMError();
@@ -3325,6 +3329,17 @@ virDomainFSDefParseXML(xmlNodePtr node,
def->accessmode = VIR_DOMAIN_FS_ACCESSMODE_PASSTHROUGH;
}
+ writeout = virXMLPropString(node, "writeout");
+ if (writeout) {
+ if ((def->writeout = virDomainFSWriteoutTypeFromString(writeout)) < 0) {
+ virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unknown filesystem writeout '%s'"), writeout);
+ goto error;
+ }
+ } else {
+ def->writeout = VIR_DOMAIN_FS_WRITEOUT_DEFAULT;
+ }
+
cur = node->children;
while (cur != NULL) {
if (cur->type == XML_ELEMENT_NODE) {
@@ -3387,6 +3402,7 @@ cleanup:
VIR_FREE(target);
VIR_FREE(source);
VIR_FREE(accessmode);
+ VIR_FREE(writeout);
return def;
@@ -10046,6 +10062,7 @@ virDomainFSDefFormat(virBufferPtr buf,
const char *type = virDomainFSTypeToString(def->type);
const char *accessmode = virDomainFSAccessModeTypeToString(def->accessmode);
const char *fsdriver = virDomainFSDriverTypeTypeToString(def->fsdriver);
+ const char *writeout = virDomainFSWriteoutTypeToString(def->writeout);
if (!type) {
virDomainReportError(VIR_ERR_INTERNAL_ERROR,
@@ -10062,12 +10079,20 @@ virDomainFSDefFormat(virBufferPtr buf,
if (def->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_PATH ||
def->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT) {
virBufferAsprintf(buf,
- " <filesystem type='%s' accessmode='%s'>\n",
+ " <filesystem type='%s' accessmode='%s'",
type, accessmode);
} else {
virBufferAsprintf(buf,
- " <filesystem type='%s'>\n", type);
+ " <filesystem type='%s'", type);
}
+
+ /* Don't generate anything if writeout is set to default */
+ if (def->writeout) {
+ virBufferAsprintf(buf, " writeout='%s'", writeout);
+ }
+
+ /* close the filesystem element */
+ virBufferAddLit(buf,">\n");
if (def->fsdriver) {
virBufferAsprintf(buf, " <driver type='%s'/>\n", fsdriver);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 1f6e442..6f65b4a 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -459,12 +459,21 @@ enum virDomainFSAccessMode {
VIR_DOMAIN_FS_ACCESSMODE_LAST
};
+/* Filesystem Writeout */
+enum virDomainFSWriteout {
+ VIR_DOMAIN_FS_WRITEOUT_DEFAULT = 0,
+ VIR_DOMAIN_FS_WRITEOUT_IMMEDIATE,
+
+ VIR_DOMAIN_FS_WRITEOUT_LAST
+};
+
typedef struct _virDomainFSDef virDomainFSDef;
typedef virDomainFSDef *virDomainFSDefPtr;
struct _virDomainFSDef {
int type;
int fsdriver;
int accessmode;
+ int writeout;
char *src;
char *dst;
unsigned int readonly : 1;
@@ -1974,6 +1983,7 @@ VIR_ENUM_DECL(virDomainControllerModelUSB)
VIR_ENUM_DECL(virDomainFS)
VIR_ENUM_DECL(virDomainFSDriverType)
VIR_ENUM_DECL(virDomainFSAccessMode)
+VIR_ENUM_DECL(virDomainFSWriteout)
VIR_ENUM_DECL(virDomainNet)
VIR_ENUM_DECL(virDomainNetBackend)
VIR_ENUM_DECL(virDomainNetVirtioTxMode)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 43c7578..2af16f3 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -144,6 +144,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST,
"ich9-ahci",
"no-acpi",
"fsdev-readonly",
+ "fsdev-writeout",
);
struct qemu_feature_flags {
@@ -1083,6 +1084,8 @@ qemuCapsComputeCmdFlags(const char *help,
qemuCapsSet(flags, QEMU_CAPS_FSDEV);
if (strstr(fsdev, "readonly"))
qemuCapsSet(flags, QEMU_CAPS_FSDEV_READONLY);
+ if (strstr(fsdev, "writeout"))
+ qemuCapsSet(flags, QEMU_CAPS_FSDEV_WRITEOUT);
}
if (strstr(help, "-smbios type"))
qemuCapsSet(flags, QEMU_CAPS_SMBIOS_TYPE);
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index c759baf..5b2f932 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -113,10 +113,11 @@ enum qemuCapsFlags {
QEMU_CAPS_NO_SHUTDOWN = 74, /* usable -no-shutdown */
QEMU_CAPS_DRIVE_CACHE_UNSAFE = 75, /* Is cache=unsafe supported? */
- QEMU_CAPS_PCI_ROMBAR = 76, /* -device rombar=0|1 */
+ QEMU_CAPS_PCI_ROMBAR = 76, /* -device rombar=0|1 */
QEMU_CAPS_ICH9_AHCI = 77, /* -device ich9-ahci */
QEMU_CAPS_NO_ACPI = 78, /* -no-acpi */
- QEMU_CAPS_FSDEV_READONLY =79, /* -fsdev readonly supported */
+ QEMU_CAPS_FSDEV_READONLY = 79, /* -fsdev readonly supported */
+ QEMU_CAPS_FSDEV_WRITEOUT = 80, /* -fsdev writeout supported */
QEMU_CAPS_LAST, /* this must always be the last item */
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 76f3632..adfc738 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -108,6 +108,10 @@ VIR_ENUM_IMPL(qemuDomainFSDriver, VIR_DOMAIN_FS_DRIVER_TYPE_LAST,
"local",
"handle");
+VIR_ENUM_DECL(qemuDomainFSWriteout)
+VIR_ENUM_IMPL(qemuDomainFSWriteout, VIR_DOMAIN_FS_WRITEOUT_LAST,
+ "default",
+ "immediate");
static void
uname_normalize (struct utsname *ut)
@@ -2084,6 +2088,7 @@ char *qemuBuildFSStr(virDomainFSDefPtr fs,
{
virBuffer opt = VIR_BUFFER_INITIALIZER;
const char *driver = qemuDomainFSDriverTypeToString(fs->fsdriver);
+ const char *writeout = qemuDomainFSWriteoutTypeToString(fs->writeout);
if (fs->type != VIR_DOMAIN_FS_TYPE_MOUNT) {
qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -2108,6 +2113,15 @@ char *qemuBuildFSStr(virDomainFSDefPtr fs,
virBufferAddLit(&opt, ",security_model=none");
}
}
+
+ if (fs->writeout != VIR_DOMAIN_FS_WRITEOUT_DEFAULT) {
+ if (qemuCapsGet(qemuCaps, QEMU_CAPS_FSDEV_WRITEOUT)) {
+ virBufferAsprintf(&opt, ",writeout=%s", writeout);
+ } else {
+ qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("filesystem writeout not supported"));
+ }
+ }
virBufferAsprintf(&opt, ",id=%s%s", QEMU_FSDEV_HOST_PREFIX, fs->info.alias);
virBufferAsprintf(&opt, ",path=%s", fs->src);
12 years, 11 months