Allow the possibility of opening a connection to only the network driver, by defining network:///system and network:///session URIs and registering a fake hypervisor driver that supports them. The hypervisor drivers can now directly open a network driver connection at time of need, instead of having to pass around a virConnectPtr through many functions. This will facilitate the later change to support separate daemons for each driver. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/network/bridge_driver.c | 95 ++++++++++++++++++++++++++++++++++++ src/network/bridge_driver_platform.h | 3 ++ 2 files changed, 98 insertions(+) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 7f21381bd4..7aea8079d4 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -671,6 +671,8 @@ networkStateInitialize(bool privileged, goto error; } + network_driver->privileged = privileged; + /* configuration/state paths are one of * ~/.config/libvirt/... (session/unprivileged) * /etc/libvirt/... && /var/(run|lib)/libvirt/... (system/privileged). @@ -868,6 +870,80 @@ networkStateCleanup(void) } +static virDrvOpenStatus networkConnectOpen(virConnectPtr conn, + virConnectAuthPtr auth ATTRIBUTE_UNUSED, + virConfPtr conf ATTRIBUTE_UNUSED, + unsigned int flags) +{ + virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); + + /* Verify uri was specified */ + if (conn->uri == NULL) { + /* Only hypervisor drivers are permitted to auto-open on NULL uri */ + return VIR_DRV_OPEN_DECLINED; + } else { + if (STRNEQ_NULLABLE(conn->uri->scheme, "network")) + return VIR_DRV_OPEN_DECLINED; + + /* Leave for remote driver */ + if (conn->uri->server != NULL) + return VIR_DRV_OPEN_DECLINED; + + if (network_driver == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("network state driver is not active")); + return VIR_DRV_OPEN_ERROR; + } + + if (network_driver->privileged) { + if (STRNEQ(conn->uri->path, "/system")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected network URI path '%s', try network:///system"), + conn->uri->path); + return VIR_DRV_OPEN_ERROR; + } + } else { + if (STRNEQ(conn->uri->path, "/session")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected network URI path '%s', try network:///session"), + conn->uri->path); + return VIR_DRV_OPEN_ERROR; + } + } + } + + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + + return VIR_DRV_OPEN_SUCCESS; +} + +static int networkConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED) +{ + return 0; +} + + +static int networkConnectIsSecure(virConnectPtr conn ATTRIBUTE_UNUSED) +{ + /* Trivially secure, since always inside the daemon */ + return 1; +} + + +static int networkConnectIsEncrypted(virConnectPtr conn ATTRIBUTE_UNUSED) +{ + /* Not encrypted, but remote driver takes care of that */ + return 0; +} + + +static int networkConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED) +{ + return 1; +} + + /* networkKillDaemon: * * kill the specified pid/name, and wait a bit to make sure it's dead. @@ -5699,6 +5775,23 @@ static virNetworkDriver networkDriver = { .networkGetDHCPLeases = networkGetDHCPLeases, /* 1.2.6 */ }; + +static virHypervisorDriver networkHypervisorDriver = { + .name = "network", + .connectOpen = networkConnectOpen, /* 4.1.0 */ + .connectClose = networkConnectClose, /* 4.1.0 */ + .connectIsEncrypted = networkConnectIsEncrypted, /* 4.1.0 */ + .connectIsSecure = networkConnectIsSecure, /* 4.1.0 */ + .connectIsAlive = networkConnectIsAlive, /* 4.1.0 */ +}; + + +static virConnectDriver networkConnectDriver = { + .hypervisorDriver = &networkHypervisorDriver, + .networkDriver = &networkDriver, +}; + + static virStateDriver networkStateDriver = { .name = "bridge", .stateInitialize = networkStateInitialize, @@ -5710,6 +5803,8 @@ static virStateDriver networkStateDriver = { int networkRegister(void) { + if (virRegisterConnectDriver(&networkConnectDriver, false) < 0) + return -1; if (virSetSharedNetworkDriver(&networkDriver) < 0) return -1; if (virRegisterStateDriver(&networkStateDriver) < 0) diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h index f04c0c48b4..706000df4e 100644 --- a/src/network/bridge_driver_platform.h +++ b/src/network/bridge_driver_platform.h @@ -34,6 +34,9 @@ struct _virNetworkDriverState { virMutex lock; + /* Read-only */ + bool privileged; + /* Immutable pointer, self-locking APIs */ virNetworkObjListPtr networks; -- 2.14.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list