[libvirt] [libvirt-glib PATCH] Add API to get security models from host capabilities

Cédric Bosdonnat cbosdonnat at suse.com
Thu Jun 5 06:42:24 UTC 2014


---
 libvirt-gconfig/Makefile.am                        |  2 +
 .../libvirt-gconfig-capabilities-host.c            | 51 +++++++++++++++++
 .../libvirt-gconfig-capabilities-host.h            |  3 +
 .../libvirt-gconfig-capabilities-secmodel.c        | 55 ++++++++++++++++++
 .../libvirt-gconfig-capabilities-secmodel.h        | 66 ++++++++++++++++++++++
 libvirt-gconfig/libvirt-gconfig.h                  |  1 +
 libvirt-gconfig/libvirt-gconfig.sym                |  5 ++
 libvirt-gconfig/tests/test-capabilities-parse.c    | 14 ++++-
 libvirt-gconfig/tests/test-capabilities-parse.xml  |  4 ++
 9 files changed, 200 insertions(+), 1 deletion(-)
 create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
 create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h

diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
index 83d521f..50083ed 100644
--- a/libvirt-gconfig/Makefile.am
+++ b/libvirt-gconfig/Makefile.am
@@ -20,6 +20,7 @@ GCONFIG_HEADER_FILES = \
 			libvirt-gconfig-capabilities-guest-arch.h \
 			libvirt-gconfig-capabilities-guest-domain.h \
 			libvirt-gconfig-capabilities-guest-feature.h \
+			libvirt-gconfig-capabilities-secmodel.h \
 			libvirt-gconfig-domain.h \
 			libvirt-gconfig-domain-address.h \
 			libvirt-gconfig-domain-address-pci.h \
@@ -107,6 +108,7 @@ GCONFIG_SOURCE_FILES = \
 			libvirt-gconfig-capabilities-guest-arch.c \
 			libvirt-gconfig-capabilities-guest-domain.c \
 			libvirt-gconfig-capabilities-guest-feature.c \
+			libvirt-gconfig-capabilities-secmodel.c \
 			libvirt-gconfig-domain.c \
 			libvirt-gconfig-domain-address.c \
 			libvirt-gconfig-domain-address-pci.c \
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
index 6a15206..46d2bc1 100644
--- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
@@ -77,3 +77,54 @@ gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host)
 
     return GVIR_CONFIG_CAPABILITIES_CPU(object);
 }
+
+struct GetSecModelData {
+    GVirConfigXmlDoc *doc;
+    const gchar *schema;
+    GList *secmodels;
+    GType type;
+};
+
+static gboolean add_secmodel(xmlNodePtr node, gpointer opaque)
+{
+    struct GetSecModelData* data = (struct GetSecModelData*)opaque;
+    GVirConfigObject *secmodel;
+
+    if (g_strcmp0((const gchar *)node->name, "secmodel") != 0)
+        return TRUE;
+
+    secmodel = gvir_config_object_new_from_tree
+                                (data->type,
+                                 data->doc,
+                                 data->schema,
+                                 node);
+    if (secmodel != NULL)
+        data->secmodels = g_list_append(data->secmodels, secmodel);
+    else
+        g_debug("Failed to parse %s node", node->name);
+
+    return TRUE;
+}
+
+GList *
+gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host)
+{
+    struct GetSecModelData data;
+
+    g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_HOST(host), NULL);
+
+    data.schema = gvir_config_object_get_schema(GVIR_CONFIG_OBJECT(host));
+    g_object_get(G_OBJECT(host), "doc", &data.doc, NULL);
+    g_return_val_if_fail(data.doc != NULL, NULL);
+    data.secmodels = NULL;
+    data.type = GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL;
+
+    gvir_config_object_foreach_child(GVIR_CONFIG_OBJECT(host),
+                                     NULL,
+                                     add_secmodel,
+                                     &data);
+
+    g_clear_object(&data.doc);
+
+    return data.secmodels;
+}
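Review bot: `gvir_config_capabilities_host_get_secmodels` is added without a gtk-doc block, so neither C callers nor introspection bindings are told the element type or who owns the returned list. The test hunk in this patch unrefs every element and then frees the list, so an annotation such as `Returns: (element-type LibvirtGConfig.CapabilitiesSecmodel) (transfer full):` would match that usage. The comment should also say that NULL is returned both when the guard checks fail and when the host has no `<secmodel>` children (an empty GList is NULL), and that `add_secmodel` drops nodes that fail to parse with only a `g_debug`. As written, a caller that uses this list to decide whether SELinux or AppArmor confinement is available cannot tell "none advertised" from "lookup failed".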
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
index 34fbb4f..c3c7951 100644
--- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
@@ -67,6 +67,9 @@ gvir_config_capabilities_host_get_uuid(GVirConfigCapabilitiesHost *host);
 GVirConfigCapabilitiesCpu *
 gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host);
 
+GList *
+gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host);
+
 G_END_DECLS
 
 #endif /* __LIBVIRT_GCONFIG_CAPABILITIES_HOST_H__ */
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
new file mode 100644
index 0000000..82285cb
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
@@ -0,0 +1,55 @@
+/*
+ * libvirt-gconfig-capabilities-secmodel.c: libvirt security model capabilities
+ *
+ * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Authors: Cédric Bosdonnat <cbosdonnat at suse.com>
+ */
+
+#include <config.h>
+
+#include "libvirt-gconfig/libvirt-gconfig.h"
+#include "libvirt-gconfig/libvirt-gconfig-private.h"
+
+#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(obj)                         \
+        (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelPrivate))
+
+struct _GVirConfigCapabilitiesSecmodelPrivate
+{
+    gboolean unused;
+};
+
+G_DEFINE_TYPE(GVirConfigCapabilitiesSecmodel, gvir_config_capabilities_secmodel, GVIR_CONFIG_TYPE_OBJECT);
+
+static void gvir_config_capabilities_secmodel_class_init(GVirConfigCapabilitiesSecmodelClass *klass)
+{
+    g_type_class_add_private(klass, sizeof(GVirConfigCapabilitiesSecmodelPrivate));
+}
+
+static void gvir_config_capabilities_secmodel_init(GVirConfigCapabilitiesSecmodel *secmodel)
+{
+    g_debug("Init GVirConfigCapabilitiesSecmodel=%p", secmodel);
+
+    secmodel->priv = GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(secmodel);
+}
+
+const gchar *
+gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel)
+{
+    return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(secmodel),
+                                               "model");
+}
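Review bot: `gvir_config_capabilities_secmodel_get_model` casts its argument without validating it first, unlike `gvir_config_capabilities_host_get_secmodels` in this same patch, which opens with a `g_return_val_if_fail` type check. Adding `g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_SECMODEL(secmodel), NULL);` as the first statement keeps the public getters consistent and turns a NULL or wrong-typed object into a logged NULL return. A short gtk-doc comment saying the caller must not free the returned string (the return type is `const gchar *`) would also help. Its exact lifetime depends on `gvir_config_object_get_node_content`, which is not visible here.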
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
new file mode 100644
index 0000000..01de24d
--- /dev/null
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
@@ -0,0 +1,66 @@
+/*
+ * libvirt-gconfig-capabilities-secmodel.h: libvirt security model capabilities
+ *
+ * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Authors: Cédric Bosdonnat <cbosdonnat at suse.com>
+ */
+
+#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
+#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
+#endif
+
+#ifndef __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
+#define __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
+
+G_BEGIN_DECLS
+
+#define GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL            (gvir_config_capabilities_secmodel_get_type ())
+#define GVIR_CONFIG_CAPABILITIES_SECMODEL(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodel))
+#define GVIR_CONFIG_CAPABILITIES_SECMODEL_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
+#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
+#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
+#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
+
+typedef struct _GVirConfigCapabilitiesSecmodel GVirConfigCapabilitiesSecmodel;
+typedef struct _GVirConfigCapabilitiesSecmodelPrivate GVirConfigCapabilitiesSecmodelPrivate;
+typedef struct _GVirConfigCapabilitiesSecmodelClass GVirConfigCapabilitiesSecmodelClass;
+
+struct _GVirConfigCapabilitiesSecmodel
+{
+    GVirConfigObject parent;
+
+    GVirConfigCapabilitiesSecmodelPrivate *priv;
+
+    /* Do not add fields to this struct */
+};
+
+struct _GVirConfigCapabilitiesSecmodelClass
+{
+    GVirConfigObjectClass parent_class;
+
+    gpointer padding[20];
+};
+
+GType gvir_config_capabilities_secmodel_get_type(void);
+
+const gchar *
+gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel);
+
+G_END_DECLS
+
+#endif /* __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__ */
diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
index 1582109..3400110 100644
--- a/libvirt-gconfig/libvirt-gconfig.h
+++ b/libvirt-gconfig/libvirt-gconfig.h
@@ -37,6 +37,7 @@
 #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-domain.h>
 #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-feature.h>
 #include <libvirt-gconfig/libvirt-gconfig-capabilities-host.h>
+#include <libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h>
 #include <libvirt-gconfig/libvirt-gconfig-domain.h>
 #include <libvirt-gconfig/libvirt-gconfig-domain-address.h>
 #include <libvirt-gconfig/libvirt-gconfig-domain-address-pci.h>
diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
index fc68050..6b33dbb 100644
--- a/libvirt-gconfig/libvirt-gconfig.sym
+++ b/libvirt-gconfig/libvirt-gconfig.sym
@@ -689,6 +689,11 @@ global:
 
 LIBVIRT_GCONFIG_0.1.9 {
 global:
+	gvir_config_capabilities_host_get_secmodels;
+
+	gvir_config_capabilities_secmodel_get_model;
+	gvir_config_capabilities_secmodel_get_type;
+
 	gvir_config_domain_chardev_source_spiceport_get_channel;
 	gvir_config_domain_chardev_source_spiceport_get_type;
 	gvir_config_domain_chardev_source_spiceport_new;
diff --git a/libvirt-gconfig/tests/test-capabilities-parse.c b/libvirt-gconfig/tests/test-capabilities-parse.c
index 8ede160..aec81c5 100644
--- a/libvirt-gconfig/tests/test-capabilities-parse.c
+++ b/libvirt-gconfig/tests/test-capabilities-parse.c
@@ -35,7 +35,7 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
 {
     GVirConfigCapabilitiesCpu *cpu_caps;
     GVirConfigCapabilitiesCpuTopology *topology;
-    GList *features, *iter;
+    GList *features, *iter, *secmodels;
     const char *str;
 
     g_assert(host_caps != NULL);
@@ -60,6 +60,18 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
     g_assert(gvir_config_capabilities_cpu_topology_get_threads(topology) == 2);
     g_object_unref(G_OBJECT(topology));
     g_object_unref(G_OBJECT(cpu_caps));
+
+    secmodels = gvir_config_capabilities_host_get_secmodels(host_caps);
+    g_assert(g_list_length(secmodels) == 2);
+    for (iter = secmodels; iter != NULL; iter = iter->next) {
+        GVirConfigCapabilitiesSecmodel *secmodel;
+
+        g_assert(iter->data != NULL);
+        secmodel = GVIR_CONFIG_CAPABILITIES_SECMODEL(iter->data);
+        g_assert(gvir_config_capabilities_secmodel_get_model(secmodel) != NULL);
+        g_object_unref(G_OBJECT(iter->data));
+    }
+    g_list_free(secmodels);
 }
 
 static void verify_guest_caps(GVirConfigCapabilitiesGuest *guest_caps)
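Review bot: The new loop in `verify_host_caps` only checks that each model string is non-NULL, so a parser that returned the wrong node content, or the same model twice, would still pass. The fixture appears to list `selinux` followed by `apparmor` (going by the XML hunk in this patch), so the test could compare against expected values: `static const char *expected[] = { "selinux", "apparmor" };` with `g_assert_cmpstr(gvir_config_capabilities_secmodel_get_model(secmodel), ==, expected[i++]);`. `verify_host_caps` begins above this hunk, so the index variable would need declaring alongside the existing locals.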
diff --git a/libvirt-gconfig/tests/test-capabilities-parse.xml b/libvirt-gconfig/tests/test-capabilities-parse.xml
index 9c76085..477e3fe 100644
--- a/libvirt-gconfig/tests/test-capabilities-parse.xml
+++ b/libvirt-gconfig/tests/test-capabilities-parse.xml
@@ -40,6 +40,10 @@
       <model>selinux</model>
       <doi>0</doi>
     </secmodel>
+    <secmodel>
+      <model>apparmor</model>
+      <doi>0</doi>
+    </secmodel>
   </host>
 
   <guest>
-- 
1.8.4.5



