[libvirt PATCH v2 05/12] tools: add 'domlaunchsecinfo' virsh command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This command reports the launch security parameters for
a guest, allowing an external tool to perform a launch
attestation.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 docs/manpages/virsh.rst | 17 +++++++++++++
 tools/virsh-domain.c    | 53 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 275f416090..1a74217625 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP daemon is running
 on both of them).
 
 
+domlaunchsecinfo
+----------------
+
+**Syntax:**
+
+::
+
+   domlaunchsecinfo domain
+
+Returns information about the launch security parameters associated
+with a running domain.
+
+The set of parameters reported will vary depending on which type of
+launch security protection is active. If none is active, no parameters
+will be reported.
+
+
 dommemstat
 ----------
 
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 8379f9f135..1560a8ea0d 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9525,6 +9525,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd)
     goto cleanup;
 }
 
+/*
+ * "domlaunchsecinfo" command
+ */
+static const vshCmdInfo info_domlaunchsecinfo[] = {
+    {.name = "help",
+     .data = N_("Get domain launch security info")
+    },
+    {.name = "desc",
+     .data = N_("Get the launch security parameters for a guest domain")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domlaunchsecinfo[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = NULL}
+};
+
+static bool
+cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    size_t i;
+    int nparams = 0;
+    virTypedParameterPtr params = NULL;
+    bool ret = false;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, 0) != 0) {
+        vshError(ctl, "%s", _("Unable to get launch security parameters"));
+        goto cleanup;
+    }
+
+    for (i = 0; i < nparams; i++) {
+        g_autofree char *str = vshGetTypedParamValue(ctl, &params[i]);
+        vshPrint(ctl, "%-15s: %s\n", params[i].field, str);
+    }
+
+    ret = true;
+
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    return ret;
+}
+
 /*
  * "qemu-monitor-command" command
  */
@@ -14544,6 +14591,12 @@ const vshCmdDef domManagementCmds[] = {
      .info = info_domjobinfo,
      .flags = 0
     },
+    {.name = "domlaunchsecinfo",
+     .handler = cmdDomLaunchSecInfo,
+     .opts = opts_domlaunchsecinfo,
+     .info = info_domlaunchsecinfo,
+     .flags = 0
+    },
     {.name = "domname",
      .handler = cmdDomname,
      .opts = opts_domname,
-- 
2.33.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux