Re: [libvirt-glib PATCH] Add API to get security models from host capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey,

Looks good to me.
There's a 'Nuernberg' typo in the copyright lines
I'm wondering if GVirConfigCapabilitiesSecmodel should be
GVirConfigCapabilitiesHostSecmodel as this is only available under the
host node.
Also, libvirt uses the spelling SecModel/secmodel, might be nice to
follow that (or SecModel/sec_model ?) 

Christophe

On Thu, Jun 05, 2014 at 08:42:24AM +0200, Cédric Bosdonnat wrote:
> ---
>  libvirt-gconfig/Makefile.am                        |  2 +
>  .../libvirt-gconfig-capabilities-host.c            | 51 +++++++++++++++++
>  .../libvirt-gconfig-capabilities-host.h            |  3 +
>  .../libvirt-gconfig-capabilities-secmodel.c        | 55 ++++++++++++++++++
>  .../libvirt-gconfig-capabilities-secmodel.h        | 66 ++++++++++++++++++++++
>  libvirt-gconfig/libvirt-gconfig.h                  |  1 +
>  libvirt-gconfig/libvirt-gconfig.sym                |  5 ++
>  libvirt-gconfig/tests/test-capabilities-parse.c    | 14 ++++-
>  libvirt-gconfig/tests/test-capabilities-parse.xml  |  4 ++
>  9 files changed, 200 insertions(+), 1 deletion(-)
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> 
> diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
> index 83d521f..50083ed 100644
> --- a/libvirt-gconfig/Makefile.am
> +++ b/libvirt-gconfig/Makefile.am
> @@ -20,6 +20,7 @@ GCONFIG_HEADER_FILES = \
>  			libvirt-gconfig-capabilities-guest-arch.h \
>  			libvirt-gconfig-capabilities-guest-domain.h \
>  			libvirt-gconfig-capabilities-guest-feature.h \
> +			libvirt-gconfig-capabilities-secmodel.h \
>  			libvirt-gconfig-domain.h \
>  			libvirt-gconfig-domain-address.h \
>  			libvirt-gconfig-domain-address-pci.h \
> @@ -107,6 +108,7 @@ GCONFIG_SOURCE_FILES = \
>  			libvirt-gconfig-capabilities-guest-arch.c \
>  			libvirt-gconfig-capabilities-guest-domain.c \
>  			libvirt-gconfig-capabilities-guest-feature.c \
> +			libvirt-gconfig-capabilities-secmodel.c \
>  			libvirt-gconfig-domain.c \
>  			libvirt-gconfig-domain-address.c \
>  			libvirt-gconfig-domain-address-pci.c \
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> index 6a15206..46d2bc1 100644
> --- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> @@ -77,3 +77,54 @@ gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host)
>  
>      return GVIR_CONFIG_CAPABILITIES_CPU(object);
>  }
> +
> +struct GetSecModelData {
> +    GVirConfigXmlDoc *doc;
> +    const gchar *schema;
> +    GList *secmodels;
> +    GType type;
> +};
> +
> +static gboolean add_secmodel(xmlNodePtr node, gpointer opaque)
> +{
> +    struct GetSecModelData* data = (struct GetSecModelData*)opaque;
> +    GVirConfigObject *secmodel;
> +
> +    if (g_strcmp0((const gchar *)node->name, "secmodel") != 0)
> +        return TRUE;
> +
> +    secmodel = gvir_config_object_new_from_tree
> +                                (data->type,
> +                                 data->doc,
> +                                 data->schema,
> +                                 node);
> +    if (secmodel != NULL)
> +        data->secmodels = g_list_append(data->secmodels, secmodel);
> +    else
> +        g_debug("Failed to parse %s node", node->name);
> +
> +    return TRUE;
> +}
> +
> +GList *
> +gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host)
> +{
> +    struct GetSecModelData data;
> +
> +    g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_HOST(host), NULL);
> +
> +    data.schema = gvir_config_object_get_schema(GVIR_CONFIG_OBJECT(host));
> +    g_object_get(G_OBJECT(host), "doc", &data.doc, NULL);
> +    g_return_val_if_fail(data.doc != NULL, NULL);
> +    data.secmodels = NULL;
> +    data.type = GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL;
> +
> +    gvir_config_object_foreach_child(GVIR_CONFIG_OBJECT(host),
> +                                     NULL,
> +                                     add_secmodel,
> +                                     &data);
> +
> +    g_clear_object(&data.doc);
> +
> +    return data.secmodels;
> +}
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> index 34fbb4f..c3c7951 100644
> --- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> @@ -67,6 +67,9 @@ gvir_config_capabilities_host_get_uuid(GVirConfigCapabilitiesHost *host);
>  GVirConfigCapabilitiesCpu *
>  gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host);
>  
> +GList *
> +gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host);
> +
>  G_END_DECLS
>  
>  #endif /* __LIBVIRT_GCONFIG_CAPABILITIES_HOST_H__ */
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
> new file mode 100644
> index 0000000..82285cb
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
> @@ -0,0 +1,55 @@
> +/*
> + * libvirt-gconfig-capabilities-secmodel.c: libvirt security model capabilities
> + *
> + * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Authors: Cédric Bosdonnat <cbosdonnat@xxxxxxxx>
> + */
> +
> +#include <config.h>
> +
> +#include "libvirt-gconfig/libvirt-gconfig.h"
> +#include "libvirt-gconfig/libvirt-gconfig-private.h"
> +
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(obj)                         \
> +        (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelPrivate))
> +
> +struct _GVirConfigCapabilitiesSecmodelPrivate
> +{
> +    gboolean unused;
> +};
> +
> +G_DEFINE_TYPE(GVirConfigCapabilitiesSecmodel, gvir_config_capabilities_secmodel, GVIR_CONFIG_TYPE_OBJECT);
> +
> +static void gvir_config_capabilities_secmodel_class_init(GVirConfigCapabilitiesSecmodelClass *klass)
> +{
> +    g_type_class_add_private(klass, sizeof(GVirConfigCapabilitiesSecmodelPrivate));
> +}
> +
> +static void gvir_config_capabilities_secmodel_init(GVirConfigCapabilitiesSecmodel *secmodel)
> +{
> +    g_debug("Init GVirConfigCapabilitiesSecmodel=%p", secmodel);
> +
> +    secmodel->priv = GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(secmodel);
> +}
> +
> +const gchar *
> +gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel)
> +{
> +    return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(secmodel),
> +                                               "model");
> +}
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> new file mode 100644
> index 0000000..01de24d
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> @@ -0,0 +1,66 @@
> +/*
> + * libvirt-gconfig-capabilities-secmodel.h: libvirt security model capabilities
> + *
> + * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Authors: Cédric Bosdonnat <cbosdonnat@xxxxxxxx>
> + */
> +
> +#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
> +#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
> +#endif
> +
> +#ifndef __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
> +#define __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
> +
> +G_BEGIN_DECLS
> +
> +#define GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL            (gvir_config_capabilities_secmodel_get_type ())
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodel))
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
> +#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
> +#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
> +
> +typedef struct _GVirConfigCapabilitiesSecmodel GVirConfigCapabilitiesSecmodel;
> +typedef struct _GVirConfigCapabilitiesSecmodelPrivate GVirConfigCapabilitiesSecmodelPrivate;
> +typedef struct _GVirConfigCapabilitiesSecmodelClass GVirConfigCapabilitiesSecmodelClass;
> +
> +struct _GVirConfigCapabilitiesSecmodel
> +{
> +    GVirConfigObject parent;
> +
> +    GVirConfigCapabilitiesSecmodelPrivate *priv;
> +
> +    /* Do not add fields to this struct */
> +};
> +
> +struct _GVirConfigCapabilitiesSecmodelClass
> +{
> +    GVirConfigObjectClass parent_class;
> +
> +    gpointer padding[20];
> +};
> +
> +GType gvir_config_capabilities_secmodel_get_type(void);
> +
> +const gchar *
> +gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel);
> +
> +G_END_DECLS
> +
> +#endif /* __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__ */
> diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
> index 1582109..3400110 100644
> --- a/libvirt-gconfig/libvirt-gconfig.h
> +++ b/libvirt-gconfig/libvirt-gconfig.h
> @@ -37,6 +37,7 @@
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-domain.h>
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-feature.h>
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-host.h>
> +#include <libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-address.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-address-pci.h>
> diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
> index fc68050..6b33dbb 100644
> --- a/libvirt-gconfig/libvirt-gconfig.sym
> +++ b/libvirt-gconfig/libvirt-gconfig.sym
> @@ -689,6 +689,11 @@ global:
>  
>  LIBVIRT_GCONFIG_0.1.9 {
>  global:
> +	gvir_config_capabilities_host_get_secmodels;
> +
> +	gvir_config_capabilities_secmodel_get_model;
> +	gvir_config_capabilities_secmodel_get_type;
> +
>  	gvir_config_domain_chardev_source_spiceport_get_channel;
>  	gvir_config_domain_chardev_source_spiceport_get_type;
>  	gvir_config_domain_chardev_source_spiceport_new;
> diff --git a/libvirt-gconfig/tests/test-capabilities-parse.c b/libvirt-gconfig/tests/test-capabilities-parse.c
> index 8ede160..aec81c5 100644
> --- a/libvirt-gconfig/tests/test-capabilities-parse.c
> +++ b/libvirt-gconfig/tests/test-capabilities-parse.c
> @@ -35,7 +35,7 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
>  {
>      GVirConfigCapabilitiesCpu *cpu_caps;
>      GVirConfigCapabilitiesCpuTopology *topology;
> -    GList *features, *iter;
> +    GList *features, *iter, *secmodels;
>      const char *str;
>  
>      g_assert(host_caps != NULL);
> @@ -60,6 +60,18 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
>      g_assert(gvir_config_capabilities_cpu_topology_get_threads(topology) == 2);
>      g_object_unref(G_OBJECT(topology));
>      g_object_unref(G_OBJECT(cpu_caps));
> +
> +    secmodels = gvir_config_capabilities_host_get_secmodels(host_caps);
> +    g_assert(g_list_length(secmodels) == 2);
> +    for (iter = secmodels; iter != NULL; iter = iter->next) {
> +        GVirConfigCapabilitiesSecmodel *secmodel;
> +
> +        g_assert(iter->data != NULL);
> +        secmodel = GVIR_CONFIG_CAPABILITIES_SECMODEL(iter->data);
> +        g_assert(gvir_config_capabilities_secmodel_get_model(secmodel) != NULL);
> +        g_object_unref(G_OBJECT(iter->data));
> +    }
> +    g_list_free(secmodels);
>  }
>  
>  static void verify_guest_caps(GVirConfigCapabilitiesGuest *guest_caps)
> diff --git a/libvirt-gconfig/tests/test-capabilities-parse.xml b/libvirt-gconfig/tests/test-capabilities-parse.xml
> index 9c76085..477e3fe 100644
> --- a/libvirt-gconfig/tests/test-capabilities-parse.xml
> +++ b/libvirt-gconfig/tests/test-capabilities-parse.xml
> @@ -40,6 +40,10 @@
>        <model>selinux</model>
>        <doi>0</doi>
>      </secmodel>
> +    <secmodel>
> +      <model>apparmor</model>
> +      <doi>0</doi>
> +    </secmodel>
>    </host>
>  
>    <guest>
> -- 
> 1.8.4.5
> 
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list

Attachment: pgpwrDpW5CUhq.pgp
Description: PGP signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]