Re: [PATCH v5 09/10] virsh: implement new command for launch security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 4/2/18 6:31 PM, John Ferlan wrote:
>
> On 04/02/2018 10:18 AM, Brijesh Singh wrote:
>> Add new 'launch-security' command, the command can be used to get or set
>> the launch security information when booting encrypted VMs.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
>> ---
>>  tools/virsh-domain.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 84 insertions(+)
>>
> Need to modify tools/virsh.pod too in order to supply the man page
> information.

Ah, I missed that. Will add help in next rev.

>
>> diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
>> index 2b775fc..4dca191 100644
>> --- a/tools/virsh-domain.c
>> +++ b/tools/virsh-domain.c
>> @@ -13877,6 +13877,84 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
>>      return ret >= 0;
>>  }
>>  
>> +/*
>> + * "launch-security" command
>> + */
>> +static const vshCmdInfo info_launch_security[] = {
>> +    {.name = "help",
>> +        .data = N_("Get or set launch-security information")
>> +    },
>> +    {.name = "desc",
>> +        .data = N_("Get or set the current launch-security information for a guest"
>> +                   " domain.\n"
>> +                   "    To get the launch-security information use following command: \n\n"
>> +                   "    virsh # launch-security <domain>")
>> +    },
> Rather lengthy...  don't think the last 2 lines are necessary. Is there
> another command doing the same?

Yes, I tried to follow other commands.

> Probably should fill in the ".help" entry too like other commands.

OK.
>> +    {.name = NULL}
>> +};
>> +
>> +static const vshCmdOptDef opts_launch_security[] = {
>> +    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
>> +    {.name = "get",
>> +     .type = VSH_OT_STRING,
>> +     .help = N_("Show the launch-security info")
>> +    },
>> +    VIRSH_COMMON_OPT_DOMAIN_CONFIG,
>> +    VIRSH_COMMON_OPT_DOMAIN_LIVE,
>> +    VIRSH_COMMON_OPT_DOMAIN_CURRENT,
>> +    {.name = NULL}
>> +};
>> +
> 2 lines...
>
>> +static void
>> +virshPrintLaunchSecurityInfo(vshControl *ctl, virTypedParameterPtr params,
>> +                             int nparams)
>> +{
>> +    size_t i;
>> +
> Should there perhaps be a header here for the columns?

For now we have only one column and I am not too sure if we need to add
a header file for it, if it grows then we can revisit.
>
>> +    for (i = 0; i < nparams; i++) {
>> +        if (params[i].type == VIR_TYPED_PARAM_STRING)
>> +            vshPrintExtra(ctl, "%-15s: %s\n", params[i].field, params[i].value.s);
>> +    }
>> +}
>> +
> 2 lines...
>
> John
>
>> +static bool
>> +cmdLaunchSecurity(vshControl *ctl, const vshCmd *cmd)
>> +{
>> +    virDomainPtr dom;
>> +    int nparams = 0;
>> +    virTypedParameterPtr params = NULL;
>> +    bool ret = false;
>> +    unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
>> +    bool current = vshCommandOptBool(cmd, "current");
>> +    bool config = vshCommandOptBool(cmd, "config");
>> +    bool live = vshCommandOptBool(cmd, "live");
>> +
>> +    VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
>> +    VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
>> +
>> +    if (config)
>> +        flags |= VIR_DOMAIN_AFFECT_CONFIG;
>> +    if (live)
>> +        flags |= VIR_DOMAIN_AFFECT_LIVE;
>> +
>> +    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
>> +        return false;
>> +
>> +    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, flags) != 0) {
>> +        vshError(ctl, "%s", _("Unable to get launch security info"));
>> +        goto cleanup;
>> +    }
>> +
>> +    virshPrintLaunchSecurityInfo(ctl, params, nparams);
>> +
>> +    ret = true;
>> + cleanup:
>> +    virTypedParamsFree(params, nparams);
>> +    virshDomainFree(dom);
>> +    return ret;
>> +}
>> +
>> +
>>  const vshCmdDef domManagementCmds[] = {
>>      {.name = "attach-device",
>>       .handler = cmdAttachDevice,
>> @@ -14492,5 +14570,11 @@ const vshCmdDef domManagementCmds[] = {
>>       .info = info_domblkthreshold,
>>       .flags = 0
>>      },
>> +    {.name = "launch-security",
>> +     .handler = cmdLaunchSecurity,
>> +     .opts = opts_launch_security,
>> +     .info = info_launch_security,
>> +     .flags = 0
>> +    },
>>      {.name = NULL}
>>  };
>>

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux