1:52 p.m.
Currently, the libxl driver does not support any security drivers.
When the qemu driver has no security driver configued,
nodeGetSecurityModel succeeds but returns an empty virSecurityModel
object. Do the same in the libxl driver instead of reporting
this function is not supported by the connection driver:
virNodeGetSecurityModel
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
I was reminded of this today when looking through a libvirtd log.
The system was running a test script that among other things
called 'virsh dominfo'. Each time dominfo was called, the log
was spammed with "this function is not supported by the connection
driver: virNodeGetSecurityModel".
src/libxl/libxl_driver.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 60c139e..d6b20ae 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -5027,6 +5027,23 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain,
return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
}
+static int libxlNodeGetSecurityModel(virConnectPtr conn,
+ virSecurityModelPtr secmodel)
+{
+ memset(secmodel, 0, sizeof(*secmodel));
+
+ if (virNodeGetSecurityModelEnsureACL(conn) < 0)
+ return -1;
+
+ /*
+ * Currently the libxl driver does not support security model.
+ * Similar to the qemu driver, treat this as success and simply
+ * return no data in secmodel. Avoids spamming the libvirt log
+ * with "this function is not supported by the connection driver:
+ * virNodeGetSecurityModel"
+ */
+ return 0;
+}
static virHypervisorDriver libxlHypervisorDriver = {
.name = LIBXL_DRIVER_NAME,
@@ -5122,6 +5139,7 @@ static virHypervisorDriver libxlHypervisorDriver = {
.domainMigratePerform3Params = libxlDomainMigratePerform3Params, /* 1.2.6 */
.domainMigrateFinish3Params = libxlDomainMigrateFinish3Params, /* 1.2.6 */
.domainMigrateConfirm3Params = libxlDomainMigrateConfirm3Params, /* 1.2.6 */
+ .nodeGetSecurityModel = libxlNodeGetSecurityModel, /* 1.2.16 */
};
static virConnectDriver libxlConnectDriver = {
--
2.3.7
2:57 p.m.
On 05/15/2015 12:52 PM, Jim Fehlig wrote:
Currently, the libxl driver does not support any security drivers.
When the qemu driver has no security driver configued,
nodeGetSecurityModel succeeds but returns an empty virSecurityModel
object. Do the same in the libxl driver instead of reporting
this function is not supported by the connection driver:
virNodeGetSecurityModel
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
I was reminded of this today when looking through a libvirtd log.
The system was running a test script that among other things
called 'virsh dominfo'. Each time dominfo was called, the log
was spammed with "this function is not supported by the connection
driver: virNodeGetSecurityModel".
src/libxl/libxl_driver.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 60c139e..d6b20ae 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -5027,6 +5027,23 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain,
return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
}
+static int libxlNodeGetSecurityModel(virConnectPtr conn,
+ virSecurityModelPtr secmodel)
+{
+ memset(secmodel, 0, sizeof(*secmodel));
I wonder if src/libvirt-host.c should take care of this for all callers.
But it doesn't need to happen in this patch.
ACK
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
3:47 a.m.
On 15.05.2015 20:52, Jim Fehlig wrote:
Currently, the libxl driver does not support any security drivers.
When the qemu driver has no security driver configued,
nodeGetSecurityModel succeeds but returns an empty virSecurityModel
object. Do the same in the libxl driver instead of reporting
this function is not supported by the connection driver:
virNodeGetSecurityModel
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
I was reminded of this today when looking through a libvirtd log.
The system was running a test script that among other things
called 'virsh dominfo'. Each time dominfo was called, the log
was spammed with "this function is not supported by the connection
driver: virNodeGetSecurityModel".
src/libxl/libxl_driver.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 60c139e..d6b20ae 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -5027,6 +5027,23 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain,
return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
}
+static int libxlNodeGetSecurityModel(virConnectPtr conn,
+ virSecurityModelPtr secmodel)
+{
+ memset(secmodel, 0, sizeof(*secmodel));
+
+ if (virNodeGetSecurityModelEnsureACL(conn) < 0)
+ return -1;
+
+ /*
+ * Currently the libxl driver does not support security model.
+ * Similar to the qemu driver, treat this as success and simply
+ * return no data in secmodel. Avoids spamming the libvirt log
+ * with "this function is not supported by the connection driver:
+ * virNodeGetSecurityModel"
Moreover, this behaviour is defined and documented in the API description:
* Extract the security model of a hypervisor. The 'model' field
* in the @secmodel argument may be initialized to the empty
* string if the driver has not activated a security model.
Awesome.
+ */
+ return 0;
+}
static virHypervisorDriver libxlHypervisorDriver = {
.name = LIBXL_DRIVER_NAME,
@@ -5122,6 +5139,7 @@ static virHypervisorDriver libxlHypervisorDriver = {
.domainMigratePerform3Params = libxlDomainMigratePerform3Params, /* 1.2.6 */
.domainMigrateFinish3Params = libxlDomainMigrateFinish3Params, /* 1.2.6 */
.domainMigrateConfirm3Params = libxlDomainMigrateConfirm3Params, /* 1.2.6 */
+ .nodeGetSecurityModel = libxlNodeGetSecurityModel, /* 1.2.16 */
};
static virConnectDriver libxlConnectDriver = {
ACK
Michal
3476
days inactive
3479
days old
2 comments
3 participants
participants (3)
-
Eric Blake -
Jim Fehlig -
Michal Privoznik