Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
In order to test it you need to disable SELinux, otherwise the
libvirt-dbus daemon is disconnected from system bus by dbus-daemon.
The issue is that dbus-daemon will get avc denied on the passed FD.
The following policy will allow it:
------------------------------------------------------------------------
require {
type svirt_t;
type system_dbusd_t;
class unix_stream_socket { read write };
}
allow system_dbusd_t svirt_t:unix_stream_socket { read write };
------------------------------------------------------------------------
data/org.libvirt.Domain.xml | 7 +++++++
src/domain.c | 31 +++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/data/org.libvirt.Domain.xml b/data/org.libvirt.Domain.xml
index 9743f25..bcd0779 100644
--- a/data/org.libvirt.Domain.xml
+++ b/data/org.libvirt.Domain.xml
@@ -390,6 +390,13 @@
value="See https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainMigrateStartPostCopy"/>
<arg name="flags" type="u" direction="in"/>
</method>
+ <method name="OpenGraphicsFD">
+ <annotation name="org.gtk.GDBus.DocString"
+ value="See https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainOpenGraphicsFD"/>
+ <arg name="idx" type="u" direction="in"/>
+ <arg name="flags" type="u" direction="in"/>
+ <arg name="fd" type="h" direction="out"/>
+ </method>
<method name="PinEmulator">
<annotation name="org.gtk.GDBus.DocString"
value="See https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainPinEmulator"/>
diff --git a/src/domain.c b/src/domain.c
index 3551e31..eaef68c 100644
--- a/src/domain.c
+++ b/src/domain.c
@@ -2033,6 +2033,36 @@ virtDBusDomainMigrateStartPostCopy(GVariant *inArgs,
virtDBusUtilSetLastVirtError(error);
}
+static void
+virtDBusDomainOpenGraphicsFD(GVariant *inArgs,
+ GUnixFDList *inFDs G_GNUC_UNUSED,
+ const gchar *objectPath,
+ gpointer userData,
+ GVariant **outArgs,
+ GUnixFDList **outFDs,
+ GError **error)
+
+{
+ virtDBusConnect *connect = userData;
+ g_autoptr(virDomain) domain = NULL;
+ guint idx;
+ guint flags;
+ gint fd;
+
+ g_variant_get(inArgs, "(uu)", &idx, &flags);
+
+ domain = virtDBusDomainGetVirDomain(connect, objectPath, error);
+ if (!domain)
+ return;
+
+ fd = virDomainOpenGraphicsFD(domain, idx, flags);
+ if (fd < 0)
+ return virtDBusUtilSetLastVirtError(error);
+
+ *outArgs = g_variant_new("(h)", 0);
+ *outFDs = g_unix_fd_list_new_from_array(&fd, 1);
+}
+
static void
virtDBusDomainPinEmulator(GVariant *inArgs,
GUnixFDList *inFDs G_GNUC_UNUSED,
@@ -2896,6 +2926,7 @@ static virtDBusGDBusMethodTable virtDBusDomainMethodTable[] = {
{ "MigrateSetMaxDowntime", virtDBusDomainMigrateSetMaxDowntime },
{ "MigrateSetMaxSpeed", virtDBusDomainMigrateSetMaxSpeed },
{ "MigrateStartPostCopy", virtDBusDomainMigrateStartPostCopy },
+ { "OpenGraphicsFD", virtDBusDomainOpenGraphicsFD },
{ "PinEmulator", virtDBusDomainPinEmulator },
{ "PinIOThread", virtDBusDomainPinIOThread },
{ "PinVcpu", virtDBusDomainPinVcpu },
--
2.17.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
