[PATCH v2 2/4] virsh: Add '--full-seclabels' option for dominfo
There is no virsh command uses virDomainGetSecurityLabelList API, so add
an option for dominfo to call it and print full list of security labels.
Signed-off-by: Luke Yue <lukedyue(a)gmail.com>
---
docs/manpages/virsh.rst | 5 +++--
tools/virsh-domain-monitor.c | 43 +++++++++++++++++++++++++++++++-----
2 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 39636a565e..54391b7557 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2008,9 +2008,10 @@ dominfo
::
- dominfo domain
+ dominfo domain [--full-seclabels]
-Returns basic information about the domain.
+Returns basic information about the domain. *--full-seclabels* tells virsh
+to print full list of security labels.
domjobabort
diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c
index eb3e0ef11a..1bb3bed1cb 100644
--- a/tools/virsh-domain-monitor.c
+++ b/tools/virsh-domain-monitor.c
@@ -1203,6 +1203,10 @@ static const vshCmdInfo info_dominfo[] = {
static const vshCmdOptDef opts_dominfo[] = {
VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ {.name = "full-seclabels",
+ .type = VSH_OT_BOOL,
+ .help = N_("Show full list of security labels of a domain")
+ },
{.name = NULL}
};
@@ -1222,6 +1226,7 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd)
int has_managed_save = 0;
virshControl *priv = ctl->privData;
g_auto(GStrv) messages = NULL;
+ bool fullseclabels = vshCommandOptBool(cmd, "full-seclabels");
if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
return false;
@@ -1303,16 +1308,42 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd)
vshPrint(ctl, "%-15s %s\n", _("Security model:"),
secmodel.model);
vshPrint(ctl, "%-15s %s\n", _("Security DOI:"),
secmodel.doi);
- /* Security labels are only valid for active domains */
- seclabel = g_new0(virSecurityLabel, 1);
+ if (fullseclabels) {
+ int len;
+ size_t i;
- if (virDomainGetSecurityLabel(dom, seclabel) == -1) {
- VIR_FREE(seclabel);
- return false;
+ if ((len = virDomainGetSecurityLabelList(dom, &seclabel)) < 0) {
+ g_clear_pointer(&seclabel, g_free);
+ return false;
+ }
+
+ for (i = 0; i < len; i++)
+ if (seclabel[i].label[0] != '\0')
+ vshPrint(ctl, "%-16s %s (%s)\n",
+ i == 0 ? _("Security labels:") :
"",
+ seclabel[i].label,
+ seclabel[i].enforcing ?
+ "enforcing" :
+ "permissive");
+
+ g_clear_pointer(&seclabel, g_free);
} else {
+ /* Security labels are only valid for active domains */
+ seclabel = g_new0(virSecurityLabel, 1);
+
+ if (virDomainGetSecurityLabel(dom, seclabel) < 0) {
+ g_clear_pointer(&seclabel, g_free);
+ return false;
+ }
+
if (seclabel->label[0] != '\0')
vshPrint(ctl, "%-15s %s (%s)\n", _("Security
label:"),
- seclabel->label, seclabel->enforcing ?
"enforcing" : "permissive");
+ seclabel->label,
+ seclabel->enforcing ?
+ "enforcing" :
+ "permissive");
+
+ g_clear_pointer(&seclabel, g_free);
}
VIR_FREE(seclabel);
--
2.34.1