The XML allows <encryption format='unencrypted'/>, this implementation canonicalizes the internal representation so that "disk->encryption" is non-NULL iff encryption information is available. Note that partial encryption information (e.g. specifying an encryption format, but not the key/passphrase) is valid: * virDomainGetXMLDesc() will only reveal the key/passphrase if VIR_DOMAIN_XML_SECURE is used. * A domain with partial encryption information can be defined, completenes of the information is not verified. The domain won't start until the remaining information is added, of course.
---
 src/domain_conf.c | 25 +++++++++++++++++++++++--
 src/domain_conf.h | 2 ++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/domain_conf.c b/src/domain_conf.c
index f3e4c6c..507abd8 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -287,6 +287,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
 VIR_FREE(def->dst);
 VIR_FREE(def->driverName);
 VIR_FREE(def->driverType);
+ virStorageEncryptionFree(def->encryption);
 VIR_FREE(def);
 }
@@ -654,6 +655,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
 char *target = NULL;
 char *bus = NULL;
 char *cachetag = NULL;
+ virStorageEncryptionPtr encryption = NULL;
 if (VIR_ALLOC(def) < 0) {
 virReportOOMError(conn);
@@ -708,6 +710,17 @@ virDomainDiskDefParseXML(virConnectPtr conn,
 def->readonly = 1;
 } else if (xmlStrEqual(cur->name, BAD_CAST "shareable")) {
 def->shared = 1;
+ } else if (encryption == NULL &&
+ xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+ encryption = virStorageEncryptionParseNode(conn, node->doc,
+ cur);
+ if (encryption == NULL)
+ goto error;
+ if (encryption->format ==
+ VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED) {
+ virStorageEncryptionFree(encryption);
+ encryption = NULL;
+ }
 }
 }
 cur = cur->next;
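Review bot: Nothing visible in this patch shows that the key/passphrase held in `def->encryption` is cleared before virDomainDiskDefFree hands it to virStorageEncryptionFree, so the secret may stay readable in freed heap memory until it is overwritten. The same question applies to the error-path call added under `cleanup:` in virDomainDiskDefParseXML. This needs confirming in the helper's implementation, which is outside this diff; once confirmed, a short comment at the call such as `/* also wipes any key material */` would record it.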
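Review bot: The `encryption == NULL &&` guard in the virDomainDiskDefParseXML loop makes the result depend on element order when a disk carries more than one `<encryption>` child. A leading `format='unencrypted'` element is parsed, freed and reset to NULL, so a later element is then accepted, while in the opposite order the second element is silently ignored. Unless schema validation elsewhere already rejects duplicates, a tool that inspects only the first element could disagree with what libvirt applies. A separate flag avoids this, e.g. `if (seenEncryption) goto error;` after reporting the duplicate, then `seenEncryption = 1;`. The function body begins and ends outside this hunk.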
@@ -815,6 +828,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
 driverName = NULL;
 def->driverType = driverType;
 driverType = NULL;
+ def->encryption = encryption;
+ encryption = NULL;
 cleanup:
 VIR_FREE(bus);
@@ -825,6 +840,7 @@ cleanup:
 VIR_FREE(driverType);
 VIR_FREE(driverName);
 VIR_FREE(cachetag);
+ virStorageEncryptionFree(encryption);
 return def;
@@ -3387,7 +3403,8 @@ virDomainLifecycleDefFormat(virConnectPtr conn,
 static int
 virDomainDiskDefFormat(virConnectPtr conn,
 virBufferPtr buf,
- virDomainDiskDefPtr def)
+ virDomainDiskDefPtr def,
+ int flags)
 {
 const char *type = virDomainDiskTypeToString(def->type);
 const char *device = virDomainDiskDeviceTypeToString(def->device);
@@ -3444,6 +3461,10 @@ virDomainDiskDefFormat(virConnectPtr conn,
 virBufferAddLit(buf, " <readonly/>\n");
 if (def->shared)
 virBufferAddLit(buf, " <shareable/>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption,
+ (flags & VIR_DOMAIN_XML_SECURE)) < 0)
+ return -1;
 virBufferAddLit(buf, " </disk>\n");
@@ -4047,7 +4068,7 @@ char *virDomainDefFormat(virConnectPtr conn,
 def->emulator);
 for (n = 0 ; n < def->ndisks ; n++)
- if (virDomainDiskDefFormat(conn, &buf, def->disks[n]) < 0)
+ if (virDomainDiskDefFormat(conn, &buf, def->disks[n], flags) < 0)
 goto cleanup;
 for (n = 0 ; n < def->nfss ; n++)
diff --git a/src/domain_conf.h b/src/domain_conf.h
index 6e111fa..32d03ac 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -30,6 +30,7 @@
 #include "internal.h"
 #include "capabilities.h"
+#include "storage_encryption.h"
 #include "util.h"
 #include "threads.h"
@@ -107,6 +108,7 @@ struct _virDomainDiskDef {
 unsigned int readonly : 1;
 unsigned int shared : 1;
 int slotnum; /* pci slot number for unattach */
+ virStorageEncryptionPtr encryption;
 };
-- 1.6.2.5
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
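Review bot: The new `int flags` parameter of virDomainDiskDefFormat has no comment, although the `flags & VIR_DOMAIN_XML_SECURE` test before `</disk>` is the only thing that decides whether the disk key/passphrase is written into `buf`. I would add above the function `/* flags: VIR_DOMAIN_XML_* bits; key/passphrase is emitted only with VIR_DOMAIN_XML_SECURE */`. Since virDomainDefFormat forwards its own `flags` unchanged, its callers (not visible here) presumably need checking so that paths producing XML for logs or unprivileged clients never set that bit. Both function bodies extend beyond the hunks shown.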
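Review bot: The new `encryption` member of struct _virDomainDiskDef has no comment, although the commit message defines an invariant for it and the neighbouring `slotnum` field is documented. I would write it as `virStorageEncryptionPtr encryption; /* NULL iff no encryption info; may hold key material */`, so that code copying or dumping the struct knows it can contain a secret. The struct definition starts outside the hunk.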