
On Tue, Aug 04, 2009 at 10:28:27PM +0200, Miloslav Trmač wrote:
The XML allows <encryption format='unencrypted'/>; this implementation canonicalizes the internal representation so that "vol->encryption" is non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption format, but not the key/passphrase) is valid; libvirt will automatically choose values for the missing information during volume creation. The user can read the volume XML and use the unmodified <encryption> tag in future operations (without having to be able to understand its contents).
diff --git a/docs/schemas/storagevol.rng b/docs/schemas/storagevol.rng
index 7dc7876..6ab685a 100644
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -6,6 +6,8 @@
 <ref name='vol'/>
 </start>
+ <include href='storageencryption.rng'/>
+
 <define name='vol'>
 <element name='volume'>
@@ -74,6 +76,7 @@
 </optional>
 <ref name='format'/>
 <ref name='permissions'/>
+ <ref name='encryption'/>
 </element>
 </define>
To allow removal of "<encryption>" for non-encrypted cases, I believe we'd need to add <optional> <ref name='encryption'/> </optional>, unless the 'encryption' schema rule itself already has <optional>?
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..9a1b0ba 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
 VIR_FREE(def->target.path);
 VIR_FREE(def->target.perms.label);
+ virStorageEncryptionFree(def->target.encryption);
 VIR_FREE(def->backingStore.path);
 VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->backingStore.encryption);
 VIR_FREE(def);
 }
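Review bot: Both new `virStorageEncryptionFree()` calls in `virStorageVolDefFree` run for every volume, and the patch description makes a NULL `encryption` pointer the normal state for unencrypted volumes, so the function has to be a no-op on NULL. Its body is not part of this patch, so that is worth confirming; a one-line contract on its declaration such as `/* Frees enc and everything it owns; enc may be NULL. */` would make the guarantee visible to callers. If the structure ever holds key material rather than a reference to a secret, this free path is also where it should be cleared before release.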
@@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
 char *allocation = NULL;
 char *capacity = NULL;
 char *unit = NULL;
+ xmlNodePtr node;
 options = virStorageVolOptionsForPoolType(pool->type);
 if (options == NULL)
@@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
 "./target/permissions", 0600) < 0)
 goto cleanup;
+ node = virXPathNode(conn, "./target/encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->target.encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
 ret->backingStore.path = virXPathString(conn, "string(./backingStore/path)", ctxt);
@@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
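Review bot: Only `./target/encryption` is parsed in the new block of `virStorageVolDefParseXML`, so an `<encryption>` element placed under `<backingStore>` appears to be dropped without any error, and the caller may believe the setting was honoured. The struct comment added in storage_conf.h says the field is unused for the backing store, so reporting the element is safer than ignoring it: after the new block, test `if (virXPathNode(conn, "./backingStore/encryption", ctxt) != NULL)` and raise an XML error before `goto cleanup`. The function body starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.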
 virBufferAddLit(buf," </permissions>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
+
 virBufferVSprintf(buf, " </%s>\n", type);
 return 0;
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..8ae1742 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
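Review bot: `virStorageVolTargetDefFormat` now copies whatever `virStorageEncryptionFormat()` produces into the volume XML, which is handed back to any client able to read the volume definition, and nothing in this hunk states what that output may contain. The test data in this patch carries only a `secret_id` reference, while the description speaks of a key/passphrase, so the invariant deserves a comment above the call, for example `/* Emits the format and secret references only, never the secret value. */`, once that is confirmed against the formatter. The function starts before this hunk and the formatter itself is not shown.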
 #include "internal.h"
 #include "util.h"
+#include "storage_encryption.h"
 #include "threads.h"
 #include <libxml/tree.h>
@@ -77,6 +78,9 @@ struct _virStorageVolTarget {
 int format;
 virStoragePerms perms;
 int type; /* only used by disk backend for partition type */
+ /* Only used if not "unencrypted".
+ Currently used only in virStorageVolDef.target, not in .backingstore. */
+ virStorageEncryptionPtr encryption;
 };
diff --git a/tests/storagevolschemadata/vol-qcow2.xml b/tests/storagevolschemadata/vol-qcow2.xml
index c1cf02f..b07c93c 100644
--- a/tests/storagevolschemadata/vol-qcow2.xml
+++ b/tests/storagevolschemadata/vol-qcow2.xml
@@ -14,6 +14,10 @@
 <group>0</group>
 <label>unconfined_u:object_r:virt_image_t:s0</label>
 </permissions>
+ <encryption format='qcow'>
+ <secret type='passphrase'
+ secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+ </encryption>
 </target>
 <backingStore>
 <path>/var/lib/libvirt/images/BaseDemo.img</path>
--
1.6.2.5
Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|