The XML allows <encryption format='unencrypted'/>, this implementation canonicalizes the internal representation so that "vol->encryption" is non-NULL iff the volume is encrypted. Note that partial encryption information (e.g. specifying an encryption format, but not the key/passphrase) is valid: * virStorageVolGetXMLDesc() will never reveal the key/passphrase, even if known by libvirt. * Future mechanisms could be set up to allow a libvirt user to specify during volume creation that a volume should be encrypted, leaving libvirt to choose suitable parameters and key and return them: this would allow the libvirt user to automatically support any encryption parameters (and perhaps encryption formats) supported in libvirt, as long as the user can send the same information back when using the volume in the future.
---
 src/storage_conf.c | 19 +++++++++++++++++++
 src/storage_conf.h | 2 ++
 2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..4a77e87 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -267,6 +267,7 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
 VIR_FREE(def->target.perms.label);
 VIR_FREE(def->backingStore.path);
 VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->encryption);
 VIR_FREE(def);
 }
@@ -960,6 +961,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
 char *allocation = NULL;
 char *capacity = NULL;
 char *unit = NULL;
+ xmlNodePtr node;
 options = virStorageVolOptionsForPoolType(pool->type);
 if (options == NULL)
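Review bot: In virStorageVolDefFree the new `virStorageEncryptionFree(def->encryption);` runs unconditionally, yet the parser hunk in this same patch leaves `def->encryption` NULL for unencrypted volumes, so the helper has to accept NULL. Its definition is not part of this patch, so that should be confirmed there. The description implies the structure may carry a key or passphrase, so it is also worth confirming that the free routine scrubs that material before releasing the memory. A short comment such as `/* NULL for unencrypted volumes; callee must tolerate NULL */` would record the contract at the call site.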
@@ -1047,6 +1049,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
 "./backingStore/permissions", 0600) < 0)
 goto cleanup;
+ node = virXPathNode(conn, "./encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
 return ret;
 cleanup:
@@ -1254,6 +1269,10 @@ virStorageVolDefFormat(virConnectPtr conn,
 &def->backingStore, "backingStore") < 0)
 goto cleanup;
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, &buf, def->encryption, false) < 0)
+ goto cleanup;
+
 virBufferAddLit(&buf,"</volume>\n");
 if (virBufferError(&buf))
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..cd6944f 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
 #include "internal.h"
 #include "util.h"
+#include "storage_encryption.h"
 #include "threads.h"
 #include <libxml/tree.h>
@@ -95,6 +96,7 @@ struct _virStorageVolDef {
 virStorageVolSource source;
 virStorageVolTarget target;
 virStorageVolTarget backingStore;
+ virStorageEncryptionPtr encryption; /* only used if not "unencrypted" */
 };
 typedef struct _virStorageVolDefList virStorageVolDefList;
--
1.6.2.5
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
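Review bot: The `if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)` branch in virStorageVolDefParseXML silently discards a parsed `<encryption format='unencrypted'/>` element, and the reason is stated only in the commit message. I would add a comment above it, e.g. `/* canonicalize: ret->encryption != NULL iff the volume is encrypted */`, so code that later tests the pointer as an "is encrypted" flag has the invariant documented where it is established. virXPathNode presumably yields a single node, so a document with several `<encryption>` children would have all but one ignored without an error; rejecting that case may be worth considering. The function starts and ends outside the hunk, so the cleanup path that releases `ret` is not visible here.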
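Review bot: The bare `false` passed to virStorageEncryptionFormat in virStorageVolDefFormat is the only thing at this call site that ties it to the stated guarantee that virStorageVolGetXMLDesc() never reveals the key/passphrase. That assumes the argument controls secret output; the helper's prototype is not in this patch. A trailing comment such as `/* false: never format key/passphrase */`, or a named constant instead of the literal, would make an accidental flip to `true` stand out in review. If virStorageVolDefFormat also produces volume XML for anything other than the public XMLDesc path, confirm that omitting the secret is intended there too. The function continues outside the hunk.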