[PATCH v2 2/4] virsh: Add '--full-seclabels' option for dominfo

Luke Yue <lukedyue@xxxxxxxxx> · Fri, 3 Dec 2021 22:19:55 +0800

There is no virsh command uses virDomainGetSecurityLabelList API, so add
an option for dominfo to call it and print full list of security labels.

Signed-off-by: Luke Yue <lukedyue@xxxxxxxxx>
---
 docs/manpages/virsh.rst      |  5 +++--
 tools/virsh-domain-monitor.c | 43 +++++++++++++++++++++++++++++++-----
 2 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 39636a565e..54391b7557 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2008,9 +2008,10 @@ dominfo
 
 ::
 
-   dominfo domain
+   dominfo domain [--full-seclabels]
 
-Returns basic information about the domain.
+Returns basic information about the domain. *--full-seclabels* tells virsh
+to print full list of security labels.
 
 
 domjobabort
diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c
index eb3e0ef11a..1bb3bed1cb 100644
--- a/tools/virsh-domain-monitor.c
+++ b/tools/virsh-domain-monitor.c
@@ -1203,6 +1203,10 @@ static const vshCmdInfo info_dominfo[] = {
 
 static const vshCmdOptDef opts_dominfo[] = {
     VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = "full-seclabels",
+     .type = VSH_OT_BOOL,
+     .help = N_("Show full list of security labels of a domain")
+    },
     {.name = NULL}
 };
 
@@ -1222,6 +1226,7 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd)
     int has_managed_save = 0;
     virshControl *priv = ctl->privData;
     g_auto(GStrv) messages = NULL;
+    bool fullseclabels = vshCommandOptBool(cmd, "full-seclabels");
 
     if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
         return false;
@@ -1303,16 +1308,42 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd)
             vshPrint(ctl, "%-15s %s\n", _("Security model:"), secmodel.model);
             vshPrint(ctl, "%-15s %s\n", _("Security DOI:"), secmodel.doi);
 
-            /* Security labels are only valid for active domains */
-            seclabel = g_new0(virSecurityLabel, 1);
+            if (fullseclabels) {
+                int len;
+                size_t i;
 
-            if (virDomainGetSecurityLabel(dom, seclabel) == -1) {
-                VIR_FREE(seclabel);
-                return false;
+                if ((len = virDomainGetSecurityLabelList(dom, &seclabel)) < 0) {
+                    g_clear_pointer(&seclabel, g_free);
+                    return false;
+                }
+
+                for (i = 0; i < len; i++)
+                    if (seclabel[i].label[0] != '\0')
+                        vshPrint(ctl, "%-16s %s (%s)\n",
+                                 i == 0 ? _("Security labels:") : "",
+                                 seclabel[i].label,
+                                 seclabel[i].enforcing ?
+                                 "enforcing" :
+                                 "permissive");
+
+                g_clear_pointer(&seclabel, g_free);
             } else {
+                /* Security labels are only valid for active domains */
+                seclabel = g_new0(virSecurityLabel, 1);
+
+                if (virDomainGetSecurityLabel(dom, seclabel) < 0) {
+                    g_clear_pointer(&seclabel, g_free);
+                    return false;
+                }
+
                 if (seclabel->label[0] != '\0')
                     vshPrint(ctl, "%-15s %s (%s)\n", _("Security label:"),
-                             seclabel->label, seclabel->enforcing ? "enforcing" : "permissive");
+                             seclabel->label,
+                             seclabel->enforcing ?
+                             "enforcing" :
+                             "permissive");
+
+                g_clear_pointer(&seclabel, g_free);
             }
 
             VIR_FREE(seclabel);
-- 
2.34.1







