The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.
Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation. The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.
Changes since the first submission:
- Attach <encryption> inside <target>.
- Update <volume> schema.
- Add documentation.
- Add a schema validity test.
---
docs/formatstorage.html | 6 ++++++
docs/formatstorage.html.in | 8 ++++++++
docs/schemas/storagevol.rng | 3 +++
src/storage_conf.c | 20 ++++++++++++++++++++
src/storage_conf.h | 4 ++++
tests/storagevolschemadata/vol-qcow2.xml | 4 ++++
6 files changed, 45 insertions(+), 0 deletions(-)
diff --git a/docs/formatstorage.html b/docs/formatstorage.html
index 19936ae..97eaa92 100644
--- a/docs/formatstorage.html
+++ b/docs/formatstorage.html
@@ -252,6 +252,9 @@
<mode>0744</mode>
<label>virt_image_t</label>
</permissions>
+ <encryption type='...'>
+ ...
+ </encryption>
</target>
</pool></pre>
<dl><dt><code>path</code></dt><dd>Provides the location at which the pool will be mapped into
@@ -274,6 +277,9 @@
element contains the numeric group ID. The <code>label</code> element
contains the MAC (eg SELinux) label string.
<span class="since">Since 0.4.1</span>
+ </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage Encryption</a> page
+ for more information.
</dd></dl>
<h3>
<a name="StoragePoolExtents" id="StoragePoolExtents">Device extents</a>
diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in
index 4878d72..3ed88a2 100644
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -124,6 +124,9 @@
<mode>0744</mode>
<label>virt_image_t</label>
</permissions>
+ <encryption type='...'>
+ ...
+ </encryption>
</target>
</pool></pre>
@@ -152,6 +155,11 @@
contains the MAC (eg SELinux) label string.
<span class="since">Since 0.4.1</span>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>If present, specifies how the volume is encrypted. See
+ the <a href="formatstorageencryption.html">Storage Encryption</a> page
+ for more information.
+ </dd>
</dl>
<h3><a name="StoragePoolExtents">Device extents</a></h3>
diff --git a/docs/schemas/storagevol.rng b/docs/schemas/storagevol.rng
index 7dc7876..6ab685a 100644
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@@ -6,6 +6,8 @@
<ref name='vol'/>
</start>
+ <include href='storageencryption.rng'/>
+
<define name='vol'>
<element name='volume'>
@@ -74,6 +76,7 @@
</optional>
<ref name='format'/>
<ref name='permissions'/>
+ <ref name='encryption'/>
</element>
</define>
diff --git a/src/storage_conf.c b/src/storage_conf.c
index 075279c..9a1b0ba 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
VIR_FREE(def->target.path);
VIR_FREE(def->target.perms.label);
+ virStorageEncryptionFree(def->target.encryption);
VIR_FREE(def->backingStore.path);
VIR_FREE(def->backingStore.perms.label);
+ virStorageEncryptionFree(def->backingStore.encryption);
VIR_FREE(def);
}
@@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
char *allocation = NULL;
char *capacity = NULL;
char *unit = NULL;
+ xmlNodePtr node;
options = virStorageVolOptionsForPoolType(pool->type);
if (options == NULL)
@@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
"./target/permissions", 0600) < 0)
goto cleanup;
+ node = virXPathNode(conn, "./target/encryption", ctxt);
+ if (node != NULL) {
+ virStorageEncryptionPtr enc;
+
+ enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
+ if (enc == NULL)
+ goto cleanup;
+ if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
+ ret->target.encryption = enc;
+ else
+ virStorageEncryptionFree(enc);
+ }
+
ret->backingStore.path = virXPathString(conn, "string(./backingStore/path)", ctxt);
@@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
virBufferAddLit(buf," </permissions>\n");
+ if (def->encryption != NULL &&
+ virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+ return -1;
+
virBufferVSprintf(buf, " </%s>\n", type);
return 0;
diff --git a/src/storage_conf.h b/src/storage_conf.h
index a6c3650..8ae1742 100644
--- a/src/storage_conf.h
+++ b/src/storage_conf.h
@@ -26,6 +26,7 @@
#include "internal.h"
#include "util.h"
+#include "storage_encryption.h"
#include "threads.h"
#include <libxml/tree.h>
@@ -77,6 +78,9 @@ struct _virStorageVolTarget {
int format;
virStoragePerms perms;
int type; /* only used by disk backend for partition type */
+ /* Only used if not "unencrypted".
+ Currently used only in virStorageVolDef.target, not in .backingstore. */
+ virStorageEncryptionPtr encryption;
};
diff --git a/tests/storagevolschemadata/vol-qcow2.xml b/tests/storagevolschemadata/vol-qcow2.xml
index c1cf02f..b07c93c 100644
--- a/tests/storagevolschemadata/vol-qcow2.xml
+++ b/tests/storagevolschemadata/vol-qcow2.xml
@@ -14,6 +14,10 @@
<group>0</group>
<label>unconfined_u:object_r:virt_image_t:s0</label>
</permissions>
+ <encryption format='qcow'>
+ <secret type='passphrase'
+ secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+ </encryption>
</target>
<backingStore>
<path>/var/lib/libvirt/images/BaseDemo.img</path>
--
1.6.2.5
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list