The XML allows <encryption format='unencrypted'/>; this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid:
* virStorageVolGetXMLDesc() will never reveal the key/passphrase, even
if known by libvirt.
* Future mechanisms could be set up to allow a libvirt user to specify
during volume creation that a volume should be encrypted, leaving
libvirt to choose suitable parameters and key and return them:
this would allow the libvirt user to automatically support any
encryption parameters (and perhaps encryption formats) supported in
libvirt, as long as the user can send the same information back when
using the volume in the future.
---
src/storage_conf.c | 19 +++++++++++++++++++
src/storage_conf.h | 2 ++
2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..4a77e87 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -267,6 +267,7 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
VIR_FREE(def->target.perms.label);
VIR_FREE(def->backingStore.path);
VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->encryption);
VIR_FREE(def);
}
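Review bot: `virStorageEncryptionFree(def->encryption)` is called unconditionally, yet the canonicalization in this series leaves def->encryption NULL for every unencrypted volume, so the helper must treat a NULL argument as a no-op; its body is not on this page, so either confirm that or guard the call with `if (def->encryption) virStorageEncryptionFree(def->encryption);`. Because the description says this object can carry the key or passphrase, it is also worth checking that the helper clears that material before releasing the memory rather than leaving it behind in freed heap (presumably handled in storage_encryption.c, not visible here). The start of virStorageVolDefFree lies before this hunk.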
@@ -960,6 +961,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
char *allocation = NULL;
char *capacity = NULL;
char *unit = NULL;
+ xmlNodePtr node;
options = virStorageVolOptionsForPoolType(pool->type);
if (options == NULL)
@@ -1047,6 +1049,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
"./backingStore/permissions", 0600) < 0)
goto cleanup;
+ node = virXPathNode(conn, "./encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
return ret;
cleanup:
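Review bot: The `enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED` branch encodes the invariant the whole series relies on (ret->encryption is non-NULL iff the volume is encrypted), but nothing in the code says so; a reader who later adds a format check elsewhere has to rediscover it. Add a comment above the `if (node != NULL)` block, e.g. `/* Canonicalize: an explicit format='unencrypted' element is dropped so that ret->encryption is non-NULL iff the volume is encrypted. */`. On the success path enc is handed to ret and freed via virStorageVolDefFree; on the `enc == NULL` path nothing is leaked, which looks correct. The `node` declaration this block uses lives in the preceding hunk, and virStorageVolDefParseXML continues past `cleanup:` outside this hunk.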
@@ -1254,6 +1269,10 @@ virStorageVolDefFormat(virConnectPtr conn,
&def->backingStore, "backingStore")
< 0)
goto cleanup;
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, &buf, def->encryption, false) < 0)
+ goto cleanup;
+
virBufferAddLit(&buf,"</volume>\n");
if (virBufferError(&buf))
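Review bot: The bare `false` passed to `virStorageEncryptionFormat(conn, &buf, def->encryption, false)` is the only thing standing between the volume's key/passphrase and the public XML, if that parameter is the "include secrets" switch the description implies; an unexplained boolean literal is easy to flip during a later refactor. Name the intent at the call site, e.g. `/* never emit the key/passphrase in the user-visible XML */` on the line above the call, or confirm the parameter's meaning against storage_encryption.h (not on this page). virStorageVolDefFormat continues outside this hunk.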
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..cd6944f 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
#include "internal.h"
#include "util.h"
+#include "storage_encryption.h"
#include "threads.h"
#include <libxml/tree.h>
@@ -95,6 +96,7 @@ struct _virStorageVolDef {
virStorageVolSource source;
virStorageVolTarget target;
virStorageVolTarget backingStore;
+ virStorageEncryptionPtr encryption; /* only used if not "unencrypted" */
};
typedef struct _virStorageVolDefList virStorageVolDefList;
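Review bot: The field comment `/* only used if not "unencrypted" */` understates the invariant that the parser now enforces; the pointer is not merely unused for unencrypted volumes, it is guaranteed NULL, and callers such as the formatter test exactly that. Tighten it to `/* NULL iff the volume is unencrypted; a format 'unencrypted' element is never stored here */` so the header documents what the .c code relies on.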
--
1.6.2.5