Re: [PATCH 1/4] conf: introduce seclabels in shmem device element

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

On Thu, Jul 23, 2015 at 12:13 PM, Luyao Huang <lhuang@xxxxxxxxxx> wrote:
> Introduce a new element in shmem device element, this
> could help users to change the shm label to a specified
> label.
>
> Signed-off-by: Luyao Huang <lhuang@xxxxxxxxxx>
> ---
>  docs/formatdomain.html.in     |  7 ++++++
>  docs/schemas/domaincommon.rng |  3 +++
>  src/conf/domain_conf.c        | 55 ++++++++++++++++++++++++++++++++++---------
>  src/conf/domain_conf.h        |  5 ++++
>  4 files changed, 59 insertions(+), 11 deletions(-)
>

It would be better with a small test, checking parsing and format.

> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index d0c1741..e02c67c 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null
>        vectors. The <code>ioeventd</code> attribute enables/disables (values
>        "on"/"off", respectively) ioeventfd.
>      </dd>
> +    <dt><code>seclabel</code></dt>
> +    <dd>
> +      The  optional <code>seclabel</code> to override the way that labelling

The "element may contain an" optional <code>...

> +      is done on the shm object path or shm server path.  If this
> +      element is not present, the <a href="#seclabel">security label is inherited
> +      from the per-domain setting</a>.
> +    </dd>
>    </dl>
>
>      <h4><a name="elementsMemory">Memory devices</a></h4>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 1120003..f58e8de 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -3323,6 +3323,9 @@
>              </optional>
>            </element>
>          </optional>
> +        <zeroOrMore>
> +          <ref name='devSeclabel'/>
> +        </zeroOrMore>
>          <optional>
>            <ref name="address"/>
>          </optional>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 73ac537..cb3d72a 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -11261,6 +11261,8 @@ virDomainNVRAMDefParseXML(xmlNodePtr node,
>  static virDomainShmemDefPtr
>  virDomainShmemDefParseXML(xmlNodePtr node,
>                            xmlXPathContextPtr ctxt,
> +                          virSecurityLabelDefPtr* vmSeclabels,
> +                          int nvmSeclabels,
>                            unsigned int flags)
>  {
>      char *tmp = NULL;
> @@ -11332,6 +11334,10 @@ virDomainShmemDefParseXML(xmlNodePtr node,
>      if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0)
>          goto cleanup;
>
> +    if (virSecurityDeviceLabelDefParseXML(&def->seclabels, &def->nseclabels,
> +                                          vmSeclabels, nvmSeclabels,
> +                                          ctxt, flags) < 0)
> +        goto cleanup;
>
>      ret = def;
>      def = NULL;
> @@ -12457,7 +12463,11 @@ virDomainDeviceDefParse(const char *xmlStr,
>              goto error;
>          break;
>      case VIR_DOMAIN_DEVICE_SHMEM:
> -        if (!(dev->data.shmem = virDomainShmemDefParseXML(node, ctxt, flags)))
> +        if (!(dev->data.shmem = virDomainShmemDefParseXML(node,
> +                                                          ctxt,
> +                                                          def->seclabels,
> +                                                          def->nseclabels,
> +                                                          flags)))
>              goto error;
>          break;
>      case VIR_DOMAIN_DEVICE_TPM:
> @@ -16136,7 +16146,8 @@ virDomainDefParseXML(xmlDocPtr xml,
>      for (i = 0; i < n; i++) {
>          virDomainShmemDefPtr shmem;
>          ctxt->node = nodes[i];
> -        shmem = virDomainShmemDefParseXML(nodes[i], ctxt, flags);
> +        shmem = virDomainShmemDefParseXML(nodes[i], ctxt, def->seclabels,
> +                                          def->nseclabels, flags);
>          if (!shmem)
>              goto error;
>
> @@ -20308,6 +20319,8 @@ virDomainShmemDefFormat(virBufferPtr buf,
>                          virDomainShmemDefPtr def,
>                          unsigned int flags)
>  {
> +    size_t n;
> +
>      virBufferEscapeString(buf, "<shmem name='%s'", def->name);
>
>      if (!def->size &&
> @@ -20341,6 +20354,9 @@ virDomainShmemDefFormat(virBufferPtr buf,
>          virBufferAddLit(buf, "/>\n");
>      }
>
> +    for (n = 0; n < def->nseclabels; n++)
> +        virSecurityDeviceLabelDefFormat(buf, def->seclabels[n], flags);
> +
>      if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0)
>          return -1;
>
> @@ -23851,11 +23867,25 @@ virDomainObjListExport(virDomainObjListPtr domlist,
>  }
>
>
> +static virSecurityDeviceLabelDefPtr
> +virDomainGetDeviceSecurityLabelDef(virSecurityDeviceLabelDefPtr *seclabels,
> +                                   size_t nseclabels,
> +                                   const char *model)
> +{
> +    size_t i;
> +
> +    for (i = 0; i < nseclabels; i++) {
> +        if (STREQ_NULLABLE(seclabels[i]->model, model))
> +            return seclabels[i];
> +    }
> +    return NULL;
> +}
> +
> +
>  virSecurityLabelDefPtr
>  virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>  {
>      size_t i;
> -    virSecurityLabelDefPtr seclabel = NULL;
>
>      if (def == NULL || model == NULL)
>          return NULL;
> @@ -23866,24 +23896,27 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
>          if (STREQ(def->seclabels[i]->model, model))
>              return def->seclabels[i];
>      }
> -
> -    return seclabel;
> +    return NULL;

This looks like a seperate cleanup.

>  }
>
>
>  virSecurityDeviceLabelDefPtr
>  virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model)
>  {
> -    size_t i;
> +    if (def == NULL)
> +        return NULL;
> +
> +    return virDomainGetDeviceSecurityLabelDef(def->seclabels, def->nseclabels, model);
> +}
>
> +
> +virSecurityDeviceLabelDefPtr
> +virDomainShmemDefGetSecurityLabelDef(virDomainShmemDefPtr def, const char *model)
> +{
>      if (def == NULL)
>          return NULL;
>
> -    for (i = 0; i < def->nseclabels; i++) {
> -        if (STREQ_NULLABLE(def->seclabels[i]->model, model))
> -            return def->seclabels[i];
> -    }
> -    return NULL;
> +    return virDomainGetDeviceSecurityLabelDef(def->seclabels, def->nseclabels, model);
>  }
>
>
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 0fe6b1a..1a0475e 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1608,6 +1608,8 @@ struct _virDomainShmemDef {
>          unsigned vectors;
>          virTristateSwitch ioeventfd;
>      } msi;
> +    size_t nseclabels;
> +    virSecurityDeviceLabelDefPtr *seclabels;
>      virDomainDeviceInfo info;
>  };
>
> @@ -2943,6 +2945,9 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model);
>  virSecurityDeviceLabelDefPtr
>  virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
>
> +virSecurityDeviceLabelDefPtr
> +virDomainShmemDefGetSecurityLabelDef(virDomainShmemDefPtr def, const char *model);
> +
>  typedef const char* (*virEventActionToStringFunc)(int type);
>  typedef int (*virEventActionFromStringFunc)(const char *type);
>
> --
> 1.8.3.1
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list



-- 
Marc-André Lureau

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]