Introduce functions that will let us create the evdevs in namespaces
and label the devices on input device hotplug/hotunplug.
---
src/qemu/qemu_domain.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_domain.h | 6 ++++
src/qemu/qemu_security.c | 58 ++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_security.h | 6 ++++
4 files changed, 142 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b2fc3b816..5831a2025 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9969,6 +9969,78 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
}
+int
+qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUDriverPtr driver = priv->driver;
+ virQEMUDriverConfigPtr cfg = NULL;
+ char **devMountsPath = NULL;
+ size_t ndevMountsPath = 0;
+ const char *path = NULL;
+ int ret = -1;
+
+ if (!(path = virDomainInputDefGetPath(input)))
+ return 0;
+
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ return 0;
+
+ cfg = virQEMUDriverGetConfig(driver);
+ if (qemuDomainGetPreservedMounts(cfg, vm,
+ &devMountsPath, NULL,
+ &ndevMountsPath) < 0)
+ goto cleanup;
+
+ if (qemuDomainAttachDeviceMknod(driver, vm, path,
+ devMountsPath, ndevMountsPath) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virStringListFreeCount(devMountsPath, ndevMountsPath);
+ virObjectUnref(cfg);
+ return ret;
+}
+
+
+int
+qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUDriverPtr driver = priv->driver;
+ virQEMUDriverConfigPtr cfg = NULL;
+ char **devMountsPath = NULL;
+ size_t ndevMountsPath = 0;
+ const char *path = NULL;
+ int ret = -1;
+
+ if (!(path = virDomainInputDefGetPath(input)))
+ return 0;
+
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ return 0;
+
+ cfg = virQEMUDriverGetConfig(driver);
+ if (qemuDomainGetPreservedMounts(cfg, vm,
+ &devMountsPath, NULL,
+ &ndevMountsPath) < 0)
+ goto cleanup;
+
+ if (qemuDomainDetachDeviceUnlink(driver, vm, path,
+ devMountsPath, ndevMountsPath) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virStringListFreeCount(devMountsPath, ndevMountsPath);
+ virObjectUnref(cfg);
+ return ret;
+}
+
+
/**
* qemuDomainDiskLookupByNodename:
* @def: domain definition to look for the disk
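Review bot: Neither qemuDomainNamespaceSetupInput() nor qemuDomainNamespaceTeardownInput() has a doc comment, and their 0 return covers three different outcomes: the input has no path, the mount namespace is disabled, or the node was actually created or unlinked. A header such as `/* Returns 0 on success or when there is nothing to do (input has no path, or QEMU_DOMAIN_NS_MOUNT is disabled); -1 on error. */` would tell hotplug callers that success does not imply a node exists in the domain's /dev. The path comes from the input definition and goes straight to qemuDomainAttachDeviceMknod() or qemuDomainDetachDeviceUnlink(). Whether those helpers restrict it to device nodes under /dev is not visible in this hunk, so the comment should also name the layer expected to validate it.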
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index e021da51f..e699ab5ba 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -968,6 +968,12 @@ int qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainRNGDefPtr rng);
+int qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input);
+
+int qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input);
+
virDomainDiskDefPtr qemuDomainDiskLookupByNodename(virDomainDefPtr def,
const char *nodename,
virStorageSourcePtr *src,
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 6fc3b0bb6..e7d2bbd5a 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -306,3 +306,61 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
}
+
+
+int
+qemuSecuritySetInputLabel(virDomainObjPtr vm,
+ virDomainInputDefPtr input)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUDriverPtr driver = priv->driver;
+ int ret = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerSetInputLabel(driver->securityManager,
+ vm->def,
+ input) < 0)
+ goto cleanup;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
+
+
+int
+qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
+ virDomainInputDefPtr input)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUDriverPtr driver = priv->driver;
+ int ret = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerRestoreInputLabel(driver->securityManager,
+ vm->def,
+ input) < 0)
+ goto cleanup;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
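Review bot: qemuSecuritySetInputLabel() and qemuSecurityRestoreInputLabel() do not explain why the label call is wrapped in a transaction only when QEMU_DOMAIN_NS_MOUNT is enabled. They also do not note that `cleanup:` calls virSecurityManagerTransactionAbort() on every path, including after a successful commit and when no transaction was started. This mirrors the tail of qemuSecurityRestoreMemoryLabel() in the context lines, so it presumably relies on Abort being a no-op without a pending transaction; a comment such as `/* Abort is harmless if the transaction was committed or never started */` would record that assumption. Because the commit is issued against `vm->pid`, the relabel presumably runs inside the domain's namespace. The comment should therefore state the ordering callers must keep: the node has to exist there (qemuDomainNamespaceSetupInput) before the label is set, and the label has to be restored before the node is unlinked.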
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 7b25855bf..76d63f06e 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -70,6 +70,12 @@ int qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainMemoryDefPtr mem);
+int qemuSecuritySetInputLabel(virDomainObjPtr vm,
+ virDomainInputDefPtr input);
+
+int qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
+ virDomainInputDefPtr input);
+
/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
* new APIs here. If an API can touch a /dev file add a proper wrapper instead.
*/
--
2.13.6
On 11/21/2017 04:05 PM, Ján Tomko wrote:
> Introudce functions that will let us create the evdevs in namespaces
> and label the devices on input device hotplug/hotunplug.
> ---
> src/qemu/qemu_domain.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
> src/qemu/qemu_domain.h | 6 ++++
> src/qemu/qemu_security.c | 58 ++++++++++++++++++++++++++++++++++++++
> src/qemu/qemu_security.h | 6 ++++
> 4 files changed, 142 insertions(+)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index b2fc3b816..5831a2025 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -9969,6 +9969,78 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
> }
>
>
> +int
> +qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
> + virDomainInputDefPtr input)
> +{
> + qemuDomainObjPrivatePtr priv = vm->privateData;
> + virQEMUDriverPtr driver = priv->driver;
> + virQEMUDriverConfigPtr cfg = NULL;
> + char **devMountsPath = NULL;
> + size_t ndevMountsPath = 0;
> + const char *path = NULL;
> + int ret = -1;
> +
> + if (!(path = virDomainInputDefGetPath(input)))
> + return 0;
> +
> + if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
> + return 0;
Just a small nit. I prefer this namespace check to be the first in the
function (look at qemuDomainNamespaceSetupChardev() for instance).
> +
> + cfg = virQEMUDriverGetConfig(driver);
> + if (qemuDomainGetPreservedMounts(cfg, vm,
> + &devMountsPath, NULL,
> + &ndevMountsPath) < 0)
> + goto cleanup;
> +
> + if (qemuDomainAttachDeviceMknod(driver, vm, path,
> + devMountsPath, ndevMountsPath) < 0)
> + goto cleanup;
> +
> + ret = 0;
> + cleanup:
> + virStringListFreeCount(devMountsPath, ndevMountsPath);
> + virObjectUnref(cfg);
> + return ret;
> +}
> +
> +
> +int
> +qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
> + virDomainInputDefPtr input)
> +{
> + qemuDomainObjPrivatePtr priv = vm->privateData;
> + virQEMUDriverPtr driver = priv->driver;
> + virQEMUDriverConfigPtr cfg = NULL;
> + char **devMountsPath = NULL;
> + size_t ndevMountsPath = 0;
> + const char *path = NULL;
> + int ret = -1;
> +
> + if (!(path = virDomainInputDefGetPath(input)))
> + return 0;
> +
> + if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
> + return 0;
Here too.
> +
> + cfg = virQEMUDriverGetConfig(driver);
> + if (qemuDomainGetPreservedMounts(cfg, vm,
> + &devMountsPath, NULL,
> + &ndevMountsPath) < 0)
> + goto cleanup;
> +
> + if (qemuDomainDetachDeviceUnlink(driver, vm, path,
> + devMountsPath, ndevMountsPath) < 0)
> + goto cleanup;
> +
> + ret = 0;
> + cleanup:
> + virStringListFreeCount(devMountsPath, ndevMountsPath);
> + virObjectUnref(cfg);
> + return ret;
> +}
> +
Michal