[PATCH 11/12] Add configuration to QEMU driver to support access control managers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Introduce a new 'access_driver' configuration parameter which
specifies the name of the access control manager driver to
activate. By default the 'no op' driver is active
---
 src/qemu/qemu.conf     |    5 +++++
 src/qemu/qemu_conf.c   |    9 +++++++++
 src/qemu/qemu_conf.h   |    3 +++
 src/qemu/qemu_driver.c |   24 ++++++++++++++++++++++++
 4 files changed, 41 insertions(+)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index cb87728..4ea4eb6 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -147,6 +147,11 @@
 # guests will be blocked. Defaults to 0.
 # security_require_confined = 1
 
+# There is no default access control driver
+#
+# access_driver = "polkit"
+
+
 # The user ID for QEMU processes run by the system instance.
 #user = "root"
 
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 88a04bc..e4a4efc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -210,6 +210,15 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     CHECK_TYPE ("security_require_confined", VIR_CONF_LONG);
     if (p) driver->securityRequireConfined = p->l;
 
+    p = virConfGetValue (conf, "access_driver");
+    CHECK_TYPE ("access_driver", VIR_CONF_STRING);
+    if (p && p->str) {
+        if (!(driver->accessDriverName = strdup(p->str))) {
+            virReportOOMError();
+            virConfFree(conf);
+            return -1;
+        }
+    }
 
     p = virConfGetValue (conf, "vnc_sasl");
     CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 482e6d3..f3daa03 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -34,6 +34,7 @@
 # include "domain_event.h"
 # include "threads.h"
 # include "security/security_manager.h"
+# include "access/viraccessmanager.h"
 # include "cgroup.h"
 # include "pci.h"
 # include "hostusb.h"
@@ -120,6 +121,8 @@ struct qemud_driver {
     bool securityDefaultConfined;
     bool securityRequireConfined;
     virSecurityManagerPtr securityManager;
+    char *accessDriverName;
+    virAccessManagerPtr accessManager;
 
     char *saveImageFormat;
     char *dumpImageFormat;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 86e82d6..751c3c7 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -249,6 +249,26 @@ error:
 }
 
 
+static int
+qemuAccessInit(struct qemud_driver *driver)
+{
+    virAccessManagerPtr mgr = virAccessManagerNew(driver->accessDriverName ?
+                                                  driver->accessDriverName :
+                                                  "none");
+    if (!mgr)
+        goto error;
+
+    driver->accessManager = mgr;
+
+    return 0;
+
+error:
+    VIR_ERROR(_("Failed to initialize access drivers"));
+    virAccessManagerFree(mgr);
+    return -1;
+}
+
+
 static virCapsPtr
 qemuCreateCapabilities(virCapsPtr oldcaps,
                        struct qemud_driver *driver)
@@ -613,6 +633,9 @@ qemudStartup(int privileged) {
     if (qemuSecurityInit(qemu_driver) < 0)
         goto error;
 
+    if (qemuAccessInit(qemu_driver) < 0)
+        goto error;
+
     if ((qemu_driver->caps = qemuCreateCapabilities(NULL,
                                                     qemu_driver)) == NULL)
         goto error;
@@ -857,6 +880,7 @@ qemudShutdown(void) {
     VIR_FREE(qemu_driver->dumpImageFormat);
 
     virSecurityManagerFree(qemu_driver->securityManager);
+    virAccessManagerFree(qemu_driver->accessManager);
 
     ebtablesContextFree(qemu_driver->ebtables);
 
-- 
1.7.10

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]