[libvirt] [PATCH 12/20] Attach encryption information to virStorageVolDef.


 



The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.

Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid; libvirt will automatically
choose values for the missing information during volume creation.  The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand its contents).

Changes since the first submission:
- Attach <encryption> inside <target>.
- Update <volume> schema.
- Add documentation.
- Add a schema validity test.
---
 docs/formatstorage.html                  |    6 ++++++
 docs/formatstorage.html.in               |    8 ++++++++
 docs/schemas/storagevol.rng              |    3 +++
 src/storage_conf.c                       |   20 ++++++++++++++++++++
 src/storage_conf.h                       |    4 ++++
 tests/storagevolschemadata/vol-qcow2.xml |    4 ++++
 6 files changed, 45 insertions(+), 0 deletions(-)

diff --git a/docs/formatstorage.html b/docs/formatstorage.html
index 19936ae..97eaa92 100644
--- a/docs/formatstorage.html
+++ b/docs/formatstorage.html
@@ -252,6 +252,9 @@
             &lt;mode&gt;0744&lt;/mode&gt;
             &lt;label&gt;virt_image_t&lt;/label&gt;
           &lt;/permissions&gt;
+          &lt;encryption type='...'&gt;
+            ...
+          &lt;/encryption&gt;
         &lt;/target&gt;
       &lt;/pool&gt;</pre>
         <dl><dt><code>path</code></dt><dd>Provides the location at which the pool will be mapped into
@@ -274,6 +277,9 @@
 	element contains the numeric group ID. The <code>label</code> element
 	contains the MAC (eg SELinux) label string.
 	<span class="since">Since 0.4.1</span>
+      </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
       </dd></dl>
         <h3>
           <a name="StoragePoolExtents" id="StoragePoolExtents">Device extents</a>
diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in
index 4878d72..3ed88a2 100644
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -124,6 +124,9 @@
             &lt;mode&gt;0744&lt;/mode&gt;
             &lt;label&gt;virt_image_t&lt;/label&gt;
           &lt;/permissions&gt;
+          &lt;encryption type='...'&gt;
+            ...
+          &lt;/encryption&gt;
         &lt;/target&gt;
       &lt;/pool&gt;</pre>
 
@@ -152,6 +155,11 @@
 	contains the MAC (eg SELinux) label string.
 	<span class="since">Since 0.4.1</span>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
+      </dd>
     </dl>
 
     <h3><a name="StoragePoolExtents">Device extents</a></h3>
diff --git a/docs/schemas/storagevol.rng b/docs/schemas/storagevol.rng
index 7dc7876..6ab685a 100644
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -6,6 +6,8 @@
     <ref name='vol'/>
   </start>
 
+  <include href='storageencryption.rng'/>
+
 
   <define name='vol'>
     <element name='volume'>
@@ -74,6 +76,7 @@
       </optional>
       <ref name='format'/>
       <ref name='permissions'/>
+      <ref name='encryption'/>
     </element>
   </define>
 
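Review bot: `<ref name='encryption'/>` is added without an `<optional>` wrapper, so whether volume XML with no `<encryption>` element still validates depends on how `encryption` is defined in `storageencryption.rng`, which is not part of this diff. If that define is not optional in itself, wrap the reference as `<optional><ref name='encryption'/></optional>`. The enclosing `<element>` starts above the hunk; if it is shared by the target and the backing store, the schema would also accept encryption in a place where the parser in storage_conf.c never reads it.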
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..9a1b0ba 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
 
     VIR_FREE(def->target.path);
     VIR_FREE(def->target.perms.label);
+    virStorageEncryptionFree(def->target.encryption);
     VIR_FREE(def->backingStore.path);
     VIR_FREE(def->backingStore.perms.label);
+    virStorageEncryptionFree(def->backingStore.encryption);
     VIR_FREE(def);
 }
 
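Review bot: Both added `virStorageEncryptionFree()` calls will normally be handed NULL, because the parser leaves `target.encryption` unset for unencrypted volumes and nothing in this patch assigns `backingStore.encryption`. `virStorageEncryptionFree` is defined outside this diff, so it should be confirmed to be a no-op on NULL in the same way as `VIR_FREE`. If it is not, guard the calls, e.g. `if (def->target.encryption) virStorageEncryptionFree(def->target.encryption);`. The body of `virStorageVolDefFree` starts above the hunk.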
@@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
     char *allocation = NULL;
     char *capacity = NULL;
     char *unit = NULL;
+    xmlNodePtr node;
 
     options = virStorageVolOptionsForPoolType(pool->type);
     if (options == NULL)
@@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
                                 "./target/permissions", 0600) < 0)
         goto cleanup;
 
+    node = virXPathNode(conn, "./target/encryption", ctxt);
+    if (node != NULL) {
+        virStorageEncryptionPtr enc;
+
+        enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+        if (enc == NULL)
+            goto cleanup;
+        if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+            ret->target.encryption = enc;
+        else
+            virStorageEncryptionFree(enc);
+    }
+
 
 
     ret->backingStore.path = virXPathString(conn, "string(./backingStore/path)", ctxt);
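Review bot: The new block accepts `./target/encryption` for any pool type and volume format; nothing visible here checks it against `options` or `ret->target.format`. If a backend that cannot encrypt simply ignores the field, the volume would be created in the clear while its XML still claims encryption, so either reject the combination here or make sure each backend's create path fails when `target.encryption` is set and unsupported (that code is outside this hunk). A comment above the `if (enc->format != ...)` test, such as `/* canonicalize: encryption stays NULL for format='unencrypted' */`, would also record why a successfully parsed object is discarded. The function continues past the end of the hunk.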
@@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
 
     virBufferAddLit(buf,"    </permissions>\n");
 
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+        return -1;
+
     virBufferVSprintf(buf, "  </%s>\n", type);
 
     return 0;
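Review bot: The new early `return -1` leaves `buf` holding the element that the later `"  </%s>\n"` line would have closed, so the buffer content is not well-formed XML on that path. The callers are outside this hunk; it is worth confirming that they check the return value and discard the buffer rather than emit it. Because the closing tag is built from `type`, this formatter appears to serve more than one kind of target, so it would also print encryption for a backing store if that field were ever populated; a one-line comment such as `/* only virStorageVolDef.target carries encryption today */` would make that explicit.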
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..8ae1742 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
 
 #include "internal.h"
 #include "util.h"
+#include "storage_encryption.h"
 #include "threads.h"
 
 #include <libxml/tree.h>
@@ -77,6 +78,9 @@ struct _virStorageVolTarget {
     int format;
     virStoragePerms perms;
     int type; /* only used by disk backend for partition type */
+    /* Only used if not "unencrypted".
+       Currently used only in virStorageVolDef.target, not in .backingstore. */
+    virStorageEncryptionPtr encryption;
 };
 
 
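Review bot: The new comment on `encryption` does not say who owns the pointer, and it spells the member `.backingstore` while the code uses `backingStore`. Since `virStorageVolDefFree` in this patch frees the field for both `target` and `backingStore`, I would state the ownership here, e.g. `/* Owned by the volume definition; NULL when the volume is not encrypted. */`, and keep the remark that only `target` is currently populated.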
diff --git a/tests/storagevolschemadata/vol-qcow2.xml b/tests/storagevolschemadata/vol-qcow2.xml
index c1cf02f..b07c93c 100644
--- a/tests/storagevolschemadata/vol-qcow2.xml
+++ b/tests/storagevolschemadata/vol-qcow2.xml
@@ -14,6 +14,10 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
+    <encryption format='qcow'>
+      <secret type='passphrase'
+              secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+    </encryption>
   </target>
   <backingStore>
     <path>/var/lib/libvirt/images/BaseDemo.img</path>
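Review bot: Only a fully specified `<encryption>` element is exercised by this fixture, while the commit message calls out two other accepted shapes: `format='unencrypted'` and a format with no key/passphrase. Adding schema fixtures for those two cases would pin the behaviour the description promises. The attribute used here is `format`, but the example added to docs/formatstorage.html and docs/formatstorage.html.in shows `<encryption type='...'>`; one of the two looks stale.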
-- 
1.6.2.5
