Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
---
data/org.libvirt.Connect.xml | 4 ++++
src/connect.c | 20 ++++++++++++++++++++
test/test_connect.py | 1 +
3 files changed, 25 insertions(+)
diff --git a/data/org.libvirt.Connect.xml b/data/org.libvirt.Connect.xml
index 5548820..3791251 100644
--- a/data/org.libvirt.Connect.xml
+++ b/data/org.libvirt.Connect.xml
@@ -7,6 +7,10 @@
<annotation name="org.gtk.GDBus.DocString"
value="See https://libvirt.org/html/libvirt-libvirt-host.html#virConnectGetCapabilities"/>
</property>
+ <property name="Encrypted" type="b" access="read">
+ <annotation name="org.gtk.GDBus.DocString"
+ value="See https://libvirt.org/html/libvirt-libvirt-host.html#virConnectIsEncrypted"/>
+ </property>
<property name="Hostname" type="s" access="read">
<annotation name="org.gtk.GDBus.DocString"
value="See https://libvirt.org/html/libvirt-libvirt-host.html#virConnectGetHostname"/>
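Review bot: The DocString on the new Encrypted property only links to virConnectIsEncrypted and does not say which hop the boolean describes. Because the value is consumed by a D-Bus client, state in the annotation (or in a comment next to it) that it covers the connection libvirt-dbus holds to the hypervisor and says nothing about the message bus between the client and libvirt-dbus, so a consumer does not read a true value as end-to-end encryption.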
diff --git a/src/connect.c b/src/connect.c
index 3fbb770..4d90fc4 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -110,6 +110,25 @@ virtDBusConnectGetCapabilities(const gchar *objectPath G_GNUC_UNUSED,
*value = g_variant_new("s", capabilities);
}
+static void
+virtDBusConnectGetEncrypted(const gchar *objectPath G_GNUC_UNUSED,
+ gpointer userData,
+ GVariant **value,
+ GError **error)
+{
+ virtDBusConnect *connect = userData;
+ gint encrypted;
+
+ if (!virtDBusConnectOpen(connect, error))
+ return;
+
+ encrypted = virConnectIsEncrypted(connect->connection);
+ if (encrypted < 0)
+ return virtDBusUtilSetLastVirtError(error);
+
+ *value = g_variant_new("b", !!encrypted);
+}
+
static void
virtDBusConnectGetHostname(const gchar *objectPath G_GNUC_UNUSED,
gpointer userData,
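Review bot: In virtDBusConnectGetEncrypted the error branch uses `return virtDBusUtilSetLastVirtError(error);` inside a function declared `static void`. ISO C does not allow a return statement with an expression in a void function, whatever the helper itself returns, and compilers accept it only as an extension. Calling the helper and then using a bare `return;` inside braces keeps the same behaviour and matches the `return;` already used when virtDBusConnectOpen fails.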
@@ -500,6 +519,7 @@ virtDBusNetworkLookupByUUID(GVariant *inArgs,
static virtDBusGDBusPropertyTable virtDBusConnectPropertyTable[] = {
{ "Capabilities", virtDBusConnectGetCapabilities, NULL },
+ { "Encrypted", virtDBusConnectGetEncrypted, NULL },
{ "Hostname", virtDBusConnectGetHostname, NULL },
{ "LibVersion", virtDBusConnectGetLibVersion, NULL },
{ "Version", virtDBusConnectGetVersion, NULL },
diff --git a/test/test_connect.py b/test/test_connect.py
index f544f76..91c8bb6 100755
--- a/test/test_connect.py
+++ b/test/test_connect.py
@@ -82,6 +82,7 @@ class TestConnect(libvirttest.BaseTestClass):
@pytest.mark.parametrize("property_name,expected_type", [
("Capabilities", dbus.String),
+ ("Encrypted", dbus.Boolean),
("Hostname", dbus.String),
("LibVersion", dbus.UInt64),
("Version", dbus.UInt64),
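Review bot: The added `("Encrypted", dbus.Boolean)` case only checks the type of the property, so a getter that always returned the same value, or the inverted one, would still pass. Add an assertion on the value for the connection the test suite opens, so the `!!encrypted` conversion in the getter is actually covered.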
--
2.15.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On Mon, Apr 09, 2018 at 01:47:35PM +0200, Katerina Koukiou wrote:
> Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
> ---
> data/org.libvirt.Connect.xml | 4 ++++
> src/connect.c | 20 ++++++++++++++++++++
> test/test_connect.py | 1 +
> 3 files changed, 25 insertions(+)

This and the Secure properties are not that simple to just export
them. The reason is that the communication over D-Bus can be monitored
even if the connection from libvirt-dbus to libvirt is secure. I would
skip these two properties for now until we figure it out.

Pavel

On Mon, Apr 09, 2018 at 02:40:27PM +0200, Pavel Hrdina wrote:
> On Mon, Apr 09, 2018 at 01:47:35PM +0200, Katerina Koukiou wrote:
> > Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
> > ---
> > data/org.libvirt.Connect.xml | 4 ++++
> > src/connect.c | 20 ++++++++++++++++++++
> > test/test_connect.py | 1 +
> > 3 files changed, 25 insertions(+)
>
> This and the Secure properties are not that simple to just export
> them. The reason is that the communication over D-Bus can be monitored
> even if the connection from libvirt-dbus to libvirt is secure. I would
> skip these two properties for now until we figure it out.

I don't think that's a big problem - I think it is just a documentation
task to say that monitoring of traffic on the dbus message bus is out
of scope for these properties. IOW they just reflect the security
properties of the libvirt-dbus <-> hypervisor paths, not the
dbus client <-> hypervisor paths

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Mon, Apr 09, 2018 at 01:49:07PM +0100, Daniel P. Berrangé wrote:
> On Mon, Apr 09, 2018 at 02:40:27PM +0200, Pavel Hrdina wrote:
> > On Mon, Apr 09, 2018 at 01:47:35PM +0200, Katerina Koukiou wrote:
> > > Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
> > > ---
> > > data/org.libvirt.Connect.xml | 4 ++++
> > > src/connect.c | 20 ++++++++++++++++++++
> > > test/test_connect.py | 1 +
> > > 3 files changed, 25 insertions(+)
> >
> > This and the Secure properties are not that simple to just export
> > them. The reason is that the communication over D-Bus can be monitored
> > even if the connection from libvirt-dbus to libvirt is secure. I would
> > skip these two properties for now until we figure it out.
>
> I don't think that's a big problem - I think it is just a documentation
> task to say that monitoring of traffic on the dbus message bus is out
> of scope for these properties. IOW they just reflect the security
> properties of the libvirt-dbus <-> hypervisor paths, not the
> dbus client <-> hypervisor paths

The only concern that I have is that it might be misleading to see the
connection as secure but in fact the whole communication is not secure
or encrypted.

Currently every connection is secure and not encrypted since we use
only local connections. In the future, if we allow configuring a remote
connection, it will have some value. I guess that the user will have to
trust the system where the D-Bus communication is held.

Pavel