
Re: [libvirt] [PATCH 12/20] Attach encryption information to virStorageVolDef.



On Tue, Aug 04, 2009 at 10:28:27PM +0200, Miloslav Trma?? wrote:
> The XML allows <encryption format='unencrypted'/>, this implementation
> canonicalizes the internal representation so that "vol->encryption" is
> non-NULL iff the volume is encrypted.
> 
> Note that partial encryption information (e.g. specifying an encryption
> format, but not the key/passphrase) is valid, libvirt will automatically
> choose value for the missing information during volume creation.  The
> user can read the volume XML and reuse the unmodified <encryption> tag in
> future operations, without having to understand its contents.

> diff --git a/docs/schemas/storagevol.rng b/docs/schemas/storagevol.rng
> index 7dc7876..6ab685a 100644
> --- a/docs/schemas/storagevol.rng
> +++ b/docs/schemas/storagevol.rng
> @@ -6,6 +6,8 @@
>      <ref name='vol'/>
>    </start>
>  
> +  <include href='storageencryption.rng'/>
> +
>  
>    <define name='vol'>
>      <element name='volume'>
> @@ -74,6 +76,7 @@
>        </optional>
>        <ref name='format'/>
>        <ref name='permissions'/>
> +      <ref name='encryption'/>
>      </element>
>    </define>

To allow removal of "<encryption>" for non-encrypted cases, I
believe we'd need to add   

  <optional>
    <ref name='encryption'/>
  </optional>

Unless that's 'encryption' schema rule itself has <optional>
already ?

>  
> diff --git a/src/storage_conf.c b/src/storage_conf.c
> index 075279c..9a1b0ba 100644
> --- a/src/storage_conf.c
> +++ b/src/storage_conf.c
> @@ -265,8 +265,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
>  
>      VIR_FREE(def->target.path);
>      VIR_FREE(def->target.perms.label);
> +    virStorageEncryptionFree(def->target.encryption);
>      VIR_FREE(def->backingStore.path);
>      VIR_FREE(def->backingStore.perms.label);
> +    virStorageEncryptionFree(def->backingStore.encryption);
>      VIR_FREE(def);
>  }
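Review bot: The two new virStorageEncryptionFree() calls release a structure that, per the patch description, may hold a passphrase or key that libvirt chose itself, so the free routine should scrub those bytes before free(); that routine lives in storage_encryption.c, outside this patch, so this is a point to confirm there rather than here. Freeing `def->backingStore.encryption` is harmless because the header comment says the parser never sets it, but the asymmetry deserves a one-line comment such as `/* backingStore.encryption is never set by the parser today; freed for symmetry */`. The enclosing virStorageVolDefFree starts outside the hunk.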
>  
> @@ -960,6 +962,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
>      char *allocation = NULL;
>      char *capacity = NULL;
>      char *unit = NULL;
> +    xmlNodePtr node;
>  
>      options = virStorageVolOptionsForPoolType(pool->type);
>      if (options == NULL)
> @@ -1024,6 +1027,19 @@ virStorageVolDefParseXML(virConnectPtr conn,
>                                  "./target/permissions", 0600) < 0)
>          goto cleanup;
>  
> +    node = virXPathNode(conn, "./target/encryption", ctxt);
> +    if (node != NULL) {
> +        virStorageEncryptionPtr enc;
> +
> +        enc = virStorageEncryptionParseNode(conn, ctxt->doc, node);
> +        if (enc == NULL)
> +            goto cleanup;
> +        if (enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED)
> +            ret->target.encryption = enc;
> +        else
> +            virStorageEncryptionFree(enc);
> +    }
> +
>  
>  
>      ret->backingStore.path = virXPathString(conn, "string(./backingStore/path)", ctxt);
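Review bot: The added blank line at the end of the new block leaves three consecutive blank lines before the backingStore parsing; drop the `+` blank so the spacing matches the rest of the function. Separately, an `<encryption format='unencrypted'>` element that also carries `<secret>` children is silently discarded here after a successful parse; if virStorageEncryptionParseNode does not already reject that combination, it would be clearer to report it than to drop the user's data without a diagnostic — I cannot see that parser from this patch, so confirm before changing. The enclosing virStorageVolDefParseXML starts and ends outside the hunk.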
> @@ -1194,6 +1210,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
>  
>      virBufferAddLit(buf,"    </permissions>\n");
>  
> +    if (def->encryption != NULL &&
> +        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
> +        return -1;
> +
>      virBufferVSprintf(buf, "  </%s>\n", type);
>  
>      return 0;
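Review bot: The unconditional call to virStorageEncryptionFormat() means whatever the encryption structure holds ends up in the volume XML returned to any client allowed to read the volume definition. The test fixture only shows a `secret_id` reference, but the description says libvirt may fill in missing key/passphrase values itself; if those values are ever serialized here, the formatter needs a flag so that raw key material is omitted unless the caller is explicitly entitled to it. Please document in a comment above the call which fields virStorageEncryptionFormat writes, e.g. `/* Emits only the format and secret references; never raw key material */`, once that is confirmed. The enclosing virStorageVolTargetDefFormat starts outside the hunk.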
> diff --git a/src/storage_conf.h b/src/storage_conf.h
> index a6c3650..8ae1742 100644
> --- a/src/storage_conf.h
> +++ b/src/storage_conf.h
> @@ -26,6 +26,7 @@
>  
>  #include "internal.h"
>  #include "util.h"
> +#include "storage_encryption.h"
>  #include "threads.h"
>  
>  #include <libxml/tree.h>
> @@ -77,6 +78,9 @@ struct _virStorageVolTarget {
>      int format;
>      virStoragePerms perms;
>      int type; /* only used by disk backend for partition type */
> +    /* Only used if not "unencrypted".
> +       Currently used only in virStorageVolDef.target, not in .backingstore. */
> +    virStorageEncryptionPtr encryption;
>  };
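Review bot: The new field comment refers to `.backingstore` while the struct member is spelled `backingStore`, and "Only used if not unencrypted" understates the invariant the parser enforces. Suggest `/* NULL iff the volume is unencrypted (the parser drops format='unencrypted'). Currently set only for virStorageVolDef.target, never for .backingStore. */` so readers know a non-NULL pointer is the encryption test. The enclosing struct definition starts outside the hunk.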
>  
>  
> diff --git a/tests/storagevolschemadata/vol-qcow2.xml b/tests/storagevolschemadata/vol-qcow2.xml
> index c1cf02f..b07c93c 100644
> --- a/tests/storagevolschemadata/vol-qcow2.xml
> +++ b/tests/storagevolschemadata/vol-qcow2.xml
> @@ -14,6 +14,10 @@
>        <group>0</group>
>        <label>unconfined_u:object_r:virt_image_t:s0</label>
>      </permissions>
> +    <encryption format='qcow'>
> +      <secret type='passphrase'
> +              secret_id='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
> +    </encryption>
>    </target>
>    <backingStore>
>      <path>/var/lib/libvirt/images/BaseDemo.img</path>
> -- 
> 1.6.2.5


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

