From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Introduce a new 'access_driver' configuration parameter which specifies the name of the access control manager driver to activate. By default the 'no op' driver is active
---
 src/qemu/qemu.conf | 5 +++++
 src/qemu/qemu_conf.c | 9 +++++++++
 src/qemu/qemu_conf.h | 3 +++
 src/qemu/qemu_driver.c | 24 ++++++++++++++++++++++++
 4 files changed, 41 insertions(+)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index cb87728..4ea4eb6 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -147,6 +147,11 @@
 # guests will be blocked. Defaults to 0.
 # security_require_confined = 1
+# There is no default access control driver
+#
+# access_driver = "polkit"
+
+
 # The user ID for QEMU processes run by the system instance.
 #user = "root"
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 88a04bc..e4a4efc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -210,6 +210,15 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 CHECK_TYPE ("security_require_confined", VIR_CONF_LONG);
 if (p) driver->securityRequireConfined = p->l;
+ p = virConfGetValue (conf, "access_driver");
+ CHECK_TYPE ("access_driver", VIR_CONF_STRING);
+ if (p && p->str) {
+ if (!(driver->accessDriverName = strdup(p->str))) {
+ virReportOOMError();
+ virConfFree(conf);
+ return -1;
+ }
+ }
 p = virConfGetValue (conf, "vnc_sasl");
 CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 482e6d3..f3daa03 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -34,6 +34,7 @@
 # include "domain_event.h"
 # include "threads.h"
 # include "security/security_manager.h"
+# include "access/viraccessmanager.h"
 # include "cgroup.h"
 # include "pci.h"
 # include "hostusb.h"
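Review bot: The added comment `# There is no default access control driver` in qemu.conf does not tell an administrator what is in effect when `access_driver` stays commented out. Going by the commit message and the `"none"` fallback in qemuAccessInit, the no-op driver is then active, which presumably means this layer enforces no access checks. The comment should say so directly, for example `# If unset, the "none" (no-op) driver is used and no access checks are applied`, once that behaviour is confirmed against the access manager code. Listing the accepted driver names would also help; only "polkit" and "none" are visible in this patch.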
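Review bot: The string duplicated into `driver->accessDriverName` in qemudLoadDriverConfig has no matching release anywhere in this patch. The qemudShutdown hunk adds `virAccessManagerFree(qemu_driver->accessManager);` but no `VIR_FREE(qemu_driver->accessDriverName);` beside the existing `VIR_FREE(qemu_driver->dumpImageFormat);`, so unless it is freed in lines outside these hunks the name leaks at shutdown. Separately, an empty value (`access_driver = ""`) passes the `p && p->str` test and is stored as-is rather than treated as unset; whether that is rejected depends on virAccessManagerNew, which is not shown. The function body starts and ends outside the hunk.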
@@ -120,6 +121,8 @@ struct qemud_driver {
 bool securityDefaultConfined;
 bool securityRequireConfined;
 virSecurityManagerPtr securityManager;
+ char *accessDriverName;
+ virAccessManagerPtr accessManager;
 char *saveImageFormat;
 char *dumpImageFormat;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 86e82d6..751c3c7 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -249,6 +249,26 @@ error:
 }
+static int
+qemuAccessInit(struct qemud_driver *driver)
+{
+ virAccessManagerPtr mgr = virAccessManagerNew(driver->accessDriverName ?
+ driver->accessDriverName :
+ "none");
+ if (!mgr)
+ goto error;
+
+ driver->accessManager = mgr;
+
+ return 0;
+
+error:
+ VIR_ERROR(_("Failed to initialize access drivers"));
+ virAccessManagerFree(mgr);
+ return -1;
+}
+
+
 static virCapsPtr qemuCreateCapabilities(virCapsPtr oldcaps, struct qemud_driver *driver)
@@ -613,6 +633,9 @@ qemudStartup(int privileged) {
 if (qemuSecurityInit(qemu_driver) < 0) goto error;
+ if (qemuAccessInit(qemu_driver) < 0)
+ goto error;
+
 if ((qemu_driver->caps = qemuCreateCapabilities(NULL, qemu_driver)) == NULL) goto error;
@@ -857,6 +880,7 @@ qemudShutdown(void) {
 VIR_FREE(qemu_driver->dumpImageFormat);
 virSecurityManagerFree(qemu_driver->securityManager);
+ virAccessManagerFree(qemu_driver->accessManager);
 ebtablesContextFree(qemu_driver->ebtables);
--
1.7.10
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
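Review bot: In qemuAccessInit the `error:` label is reached only when `mgr` is NULL, so `virAccessManagerFree(mgr);` there never releases anything, and the message `Failed to initialize access drivers` does not say which driver was requested. A mistyped `access_driver` value is the likely cause of this failure, so resolve the name once with `const char *name = driver->accessDriverName ? driver->accessDriverName : "none";` and report it with `VIR_ERROR(_("Failed to initialize access driver '%s'"), name);`. Aborting startup when the manager cannot be created is the right fail-closed behaviour. Logging the selected name on success would also make the silent fallback to "none" visible to anyone auditing the host.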