[libvirt] [PATCH RFC 09/12] Add configuration to QEMU driver to support access control managers
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Introduce a new 'access_driver' configuration parameter which
specifies the name of the access control manager driver to
activate. By default the 'no op' driver is active
---
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 10 ++++++++++
src/qemu/qemu_conf.h | 3 +++
src/qemu/qemu_driver.c | 24 ++++++++++++++++++++++++
4 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 4ec5e6c..866905f 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -139,6 +139,11 @@
# security_driver = "selinux"
+# There is no default access control driver
+#
+# access_driver = "polkit"
+
+
# The user ID for QEMU processes run by the system instance.
#user = "root"
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index bc0a646..cb10f7a 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -195,6 +195,16 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
}
}
+ p = virConfGetValue (conf, "access_driver");
+ CHECK_TYPE ("access_driver", VIR_CONF_STRING);
+ if (p && p->str) {
+ if (!(driver->accessDriverName = strdup(p->str))) {
+ virReportOOMError();
+ virConfFree(conf);
+ return -1;
+ }
+ }
+
p = virConfGetValue (conf, "vnc_sasl");
CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
if (p) driver->vncSASL = p->l;
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7d79823..19a2589 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -34,6 +34,7 @@
# include "domain_event.h"
# include "threads.h"
# include "security/security_manager.h"
+# include "access/viraccessmanager.h"
# include "cgroup.h"
# include "pci.h"
# include "hostusb.h"
@@ -116,6 +117,8 @@ struct qemud_driver {
char *securityDriverName;
virSecurityManagerPtr securityManager;
+ char *accessDriverName;
+ virAccessManagerPtr accessManager;
char *saveImageFormat;
char *dumpImageFormat;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c920bfd..0507b43 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -239,6 +239,26 @@ error:
}
+static int
+qemuAccessInit(struct qemud_driver *driver)
+{
+ virAccessManagerPtr mgr = virAccessManagerNew(driver->accessDriverName ?
+ driver->accessDriverName :
+ "none");
+ if (!mgr)
+ goto error;
+
+ driver->accessManager = mgr;
+
+ return 0;
+
+error:
+ VIR_ERROR(_("Failed to initialize access drivers"));
+ virAccessManagerFree(mgr);
+ return -1;
+}
+
+
static virCapsPtr
qemuCreateCapabilities(virCapsPtr oldcaps,
struct qemud_driver *driver)
@@ -578,6 +598,9 @@ qemudStartup(int privileged) {
if (qemuSecurityInit(qemu_driver) < 0)
goto error;
+ if (qemuAccessInit(qemu_driver) < 0)
+ goto error;
+
if ((qemu_driver->caps = qemuCreateCapabilities(NULL,
qemu_driver)) == NULL)
goto error;
@@ -815,6 +838,7 @@ qemudShutdown(void) {
VIR_FREE(qemu_driver->dumpImageFormat);
virSecurityManagerFree(qemu_driver->securityManager);
+ virAccessManagerFree(qemu_driver->accessManager);
ebtablesContextFree(qemu_driver->ebtables);
--
1.7.7.5