[libvirt] [libvirt-glib PATCH] Add API to get security models from host capabilities

Christophe Fergeau cfergeau at redhat.com
Thu Jun 5 09:32:22 UTC 2014


Hey,

Looks good to me.
There's a 'Nuernberg' typo in the copyright lines.
I'm wondering if GVirConfigCapabilitiesSecmodel should be
GVirConfigCapabilitiesHostSecmodel, as this is only available under the
host node.
Also, libvirt uses the spelling SecModel/secmodel; it might be nice to
follow that (or SecModel/sec_model?).

Christophe

On Thu, Jun 05, 2014 at 08:42:24AM +0200, Cédric Bosdonnat wrote:
> ---
>  libvirt-gconfig/Makefile.am                        |  2 +
>  .../libvirt-gconfig-capabilities-host.c            | 51 +++++++++++++++++
>  .../libvirt-gconfig-capabilities-host.h            |  3 +
>  .../libvirt-gconfig-capabilities-secmodel.c        | 55 ++++++++++++++++++
>  .../libvirt-gconfig-capabilities-secmodel.h        | 66 ++++++++++++++++++++++
>  libvirt-gconfig/libvirt-gconfig.h                  |  1 +
>  libvirt-gconfig/libvirt-gconfig.sym                |  5 ++
>  libvirt-gconfig/tests/test-capabilities-parse.c    | 14 ++++-
>  libvirt-gconfig/tests/test-capabilities-parse.xml  |  4 ++
>  9 files changed, 200 insertions(+), 1 deletion(-)
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
>  create mode 100644 libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> 
> diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am
> index 83d521f..50083ed 100644
> --- a/libvirt-gconfig/Makefile.am
> +++ b/libvirt-gconfig/Makefile.am
> @@ -20,6 +20,7 @@ GCONFIG_HEADER_FILES = \
>  			libvirt-gconfig-capabilities-guest-arch.h \
>  			libvirt-gconfig-capabilities-guest-domain.h \
>  			libvirt-gconfig-capabilities-guest-feature.h \
> +			libvirt-gconfig-capabilities-secmodel.h \
>  			libvirt-gconfig-domain.h \
>  			libvirt-gconfig-domain-address.h \
>  			libvirt-gconfig-domain-address-pci.h \
> @@ -107,6 +108,7 @@ GCONFIG_SOURCE_FILES = \
>  			libvirt-gconfig-capabilities-guest-arch.c \
>  			libvirt-gconfig-capabilities-guest-domain.c \
>  			libvirt-gconfig-capabilities-guest-feature.c \
> +			libvirt-gconfig-capabilities-secmodel.c \
>  			libvirt-gconfig-domain.c \
>  			libvirt-gconfig-domain-address.c \
>  			libvirt-gconfig-domain-address-pci.c \
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> index 6a15206..46d2bc1 100644
> --- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.c
> @@ -77,3 +77,54 @@ gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host)
>  
>      return GVIR_CONFIG_CAPABILITIES_CPU(object);
>  }
> +
> +struct GetSecModelData {
> +    GVirConfigXmlDoc *doc;
> +    const gchar *schema;
> +    GList *secmodels;
> +    GType type;
> +};
> +
> +static gboolean add_secmodel(xmlNodePtr node, gpointer opaque)
> +{
> +    struct GetSecModelData* data = (struct GetSecModelData*)opaque;
> +    GVirConfigObject *secmodel;
> +
> +    if (g_strcmp0((const gchar *)node->name, "secmodel") != 0)
> +        return TRUE;
> +
> +    secmodel = gvir_config_object_new_from_tree
> +                                (data->type,
> +                                 data->doc,
> +                                 data->schema,
> +                                 node);
> +    if (secmodel != NULL)
> +        data->secmodels = g_list_append(data->secmodels, secmodel);
> +    else
> +        g_debug("Failed to parse %s node", node->name);
> +
> +    return TRUE;
> +}
> +
> +GList *
> +gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host)
> +{
> +    struct GetSecModelData data;
> +
> +    g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_HOST(host), NULL);
> +
> +    data.schema = gvir_config_object_get_schema(GVIR_CONFIG_OBJECT(host));
> +    g_object_get(G_OBJECT(host), "doc", &data.doc, NULL);
> +    g_return_val_if_fail(data.doc != NULL, NULL);
> +    data.secmodels = NULL;
> +    data.type = GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL;
> +
> +    gvir_config_object_foreach_child(GVIR_CONFIG_OBJECT(host),
> +                                     NULL,
> +                                     add_secmodel,
> +                                     &data);
> +
> +    g_clear_object(&data.doc);
> +
> +    return data.secmodels;
> +}
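Review bot: `gvir_config_capabilities_host_get_secmodels` has no gtk-doc comment, so nothing tells callers or the introspection scanner that the returned list and every object in it belong to the caller. The test in this patch unrefs each element and frees the list, which implies full transfer; without the annotation a binding has to guess, and a wrong guess is a leak or a double unref. I would add a comment block above the function that describes the result and ends with `Returns: (element-type LibvirtGConfig.CapabilitiesSecmodel) (transfer full):`. Separately, `add_secmodel` only emits a `g_debug` when a `<secmodel>` node fails to parse, so a caller cannot tell a host that reports no security model from one whose entries were dropped; the same comment should state that, since callers may use this list to decide whether the host confines guests.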
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> index 34fbb4f..c3c7951 100644
> --- a/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-host.h
> @@ -67,6 +67,9 @@ gvir_config_capabilities_host_get_uuid(GVirConfigCapabilitiesHost *host);
>  GVirConfigCapabilitiesCpu *
>  gvir_config_capabilities_host_get_cpu(GVirConfigCapabilitiesHost *host);
>  
> +GList *
> +gvir_config_capabilities_host_get_secmodels(GVirConfigCapabilitiesHost *host);
> +
>  G_END_DECLS
>  
>  #endif /* __LIBVIRT_GCONFIG_CAPABILITIES_HOST_H__ */
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
> new file mode 100644
> index 0000000..82285cb
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.c
> @@ -0,0 +1,55 @@
> +/*
> + * libvirt-gconfig-capabilities-secmodel.c: libvirt security model capabilities
> + *
> + * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Authors: Cédric Bosdonnat <cbosdonnat at suse.com>
> + */
> +
> +#include <config.h>
> +
> +#include "libvirt-gconfig/libvirt-gconfig.h"
> +#include "libvirt-gconfig/libvirt-gconfig-private.h"
> +
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(obj)                         \
> +        (G_TYPE_INSTANCE_GET_PRIVATE((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelPrivate))
> +
> +struct _GVirConfigCapabilitiesSecmodelPrivate
> +{
> +    gboolean unused;
> +};
> +
> +G_DEFINE_TYPE(GVirConfigCapabilitiesSecmodel, gvir_config_capabilities_secmodel, GVIR_CONFIG_TYPE_OBJECT);
> +
> +static void gvir_config_capabilities_secmodel_class_init(GVirConfigCapabilitiesSecmodelClass *klass)
> +{
> +    g_type_class_add_private(klass, sizeof(GVirConfigCapabilitiesSecmodelPrivate));
> +}
> +
> +static void gvir_config_capabilities_secmodel_init(GVirConfigCapabilitiesSecmodel *secmodel)
> +{
> +    g_debug("Init GVirConfigCapabilitiesSecmodel=%p", secmodel);
> +
> +    secmodel->priv = GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_PRIVATE(secmodel);
> +}
> +
> +const gchar *
> +gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel)
> +{
> +    return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(secmodel),
> +                                               "model");
> +}
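Review bot: `gvir_config_capabilities_secmodel_get_model` hands its argument to the cast macro without a type guard, unlike `gvir_config_capabilities_host_get_secmodels` in the same patch. Adding `g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_SECMODEL(secmodel), NULL);` as the first statement makes a NULL or wrongly typed pointer fail with a clear critical, rather than relying on whatever `gvir_config_object_get_node_content` checks, which is not visible here. The getter should also carry a gtk-doc comment saying whether the returned string is owned by the object; the `const gchar *` return type suggests it is, but that should be confirmed against the helper.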
> diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> new file mode 100644
> index 0000000..01de24d
> --- /dev/null
> +++ b/libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h
> @@ -0,0 +1,66 @@
> +/*
> + * libvirt-gconfig-capabilities-secmodel.h: libvirt security model capabilities
> + *
> + * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Authors: Cédric Bosdonnat <cbosdonnat at suse.com>
> + */
> +
> +#if !defined(__LIBVIRT_GCONFIG_H__) && !defined(LIBVIRT_GCONFIG_BUILD)
> +#error "Only <libvirt-gconfig/libvirt-gconfig.h> can be included directly."
> +#endif
> +
> +#ifndef __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
> +#define __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__
> +
> +G_BEGIN_DECLS
> +
> +#define GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL            (gvir_config_capabilities_secmodel_get_type ())
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodel))
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
> +#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
> +#define GVIR_CONFIG_IS_CAPABILITIES_SECMODEL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL))
> +#define GVIR_CONFIG_CAPABILITIES_SECMODEL_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GVIR_CONFIG_TYPE_CAPABILITIES_SECMODEL, GVirConfigCapabilitiesSecmodelClass))
> +
> +typedef struct _GVirConfigCapabilitiesSecmodel GVirConfigCapabilitiesSecmodel;
> +typedef struct _GVirConfigCapabilitiesSecmodelPrivate GVirConfigCapabilitiesSecmodelPrivate;
> +typedef struct _GVirConfigCapabilitiesSecmodelClass GVirConfigCapabilitiesSecmodelClass;
> +
> +struct _GVirConfigCapabilitiesSecmodel
> +{
> +    GVirConfigObject parent;
> +
> +    GVirConfigCapabilitiesSecmodelPrivate *priv;
> +
> +    /* Do not add fields to this struct */
> +};
> +
> +struct _GVirConfigCapabilitiesSecmodelClass
> +{
> +    GVirConfigObjectClass parent_class;
> +
> +    gpointer padding[20];
> +};
> +
> +GType gvir_config_capabilities_secmodel_get_type(void);
> +
> +const gchar *
> +gvir_config_capabilities_secmodel_get_model(GVirConfigCapabilitiesSecmodel *secmodel);
> +
> +G_END_DECLS
> +
> +#endif /* __LIBVIRT_GCONFIG_CAPABILITIES_SECMODEL_H__ */
> diff --git a/libvirt-gconfig/libvirt-gconfig.h b/libvirt-gconfig/libvirt-gconfig.h
> index 1582109..3400110 100644
> --- a/libvirt-gconfig/libvirt-gconfig.h
> +++ b/libvirt-gconfig/libvirt-gconfig.h
> @@ -37,6 +37,7 @@
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-domain.h>
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-guest-feature.h>
>  #include <libvirt-gconfig/libvirt-gconfig-capabilities-host.h>
> +#include <libvirt-gconfig/libvirt-gconfig-capabilities-secmodel.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-address.h>
>  #include <libvirt-gconfig/libvirt-gconfig-domain-address-pci.h>
> diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
> index fc68050..6b33dbb 100644
> --- a/libvirt-gconfig/libvirt-gconfig.sym
> +++ b/libvirt-gconfig/libvirt-gconfig.sym
> @@ -689,6 +689,11 @@ global:
>  
>  LIBVIRT_GCONFIG_0.1.9 {
>  global:
> +	gvir_config_capabilities_host_get_secmodels;
> +
> +	gvir_config_capabilities_secmodel_get_model;
> +	gvir_config_capabilities_secmodel_get_type;
> +
>  	gvir_config_domain_chardev_source_spiceport_get_channel;
>  	gvir_config_domain_chardev_source_spiceport_get_type;
>  	gvir_config_domain_chardev_source_spiceport_new;
> diff --git a/libvirt-gconfig/tests/test-capabilities-parse.c b/libvirt-gconfig/tests/test-capabilities-parse.c
> index 8ede160..aec81c5 100644
> --- a/libvirt-gconfig/tests/test-capabilities-parse.c
> +++ b/libvirt-gconfig/tests/test-capabilities-parse.c
> @@ -35,7 +35,7 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
>  {
>      GVirConfigCapabilitiesCpu *cpu_caps;
>      GVirConfigCapabilitiesCpuTopology *topology;
> -    GList *features, *iter;
> +    GList *features, *iter, *secmodels;
>      const char *str;
>  
>      g_assert(host_caps != NULL);
> @@ -60,6 +60,18 @@ static void verify_host_caps(GVirConfigCapabilitiesHost *host_caps)
>      g_assert(gvir_config_capabilities_cpu_topology_get_threads(topology) == 2);
>      g_object_unref(G_OBJECT(topology));
>      g_object_unref(G_OBJECT(cpu_caps));
> +
> +    secmodels = gvir_config_capabilities_host_get_secmodels(host_caps);
> +    g_assert(g_list_length(secmodels) == 2);
> +    for (iter = secmodels; iter != NULL; iter = iter->next) {
> +        GVirConfigCapabilitiesSecmodel *secmodel;
> +
> +        g_assert(iter->data != NULL);
> +        secmodel = GVIR_CONFIG_CAPABILITIES_SECMODEL(iter->data);
> +        g_assert(gvir_config_capabilities_secmodel_get_model(secmodel) != NULL);
> +        g_object_unref(G_OBJECT(iter->data));
> +    }
> +    g_list_free(secmodels);
>  }
>  
>  static void verify_guest_caps(GVirConfigCapabilitiesGuest *guest_caps)
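Review bot: The new loop only asserts that each model string is non-NULL, so the test would still pass if the getter returned the wrong node's text or the same model twice. The fixture holds exactly `selinux` and `apparmor`, so the values can be compared, for example with `static const char *expected[] = { "selinux", "apparmor" };` and `g_assert_cmpstr(gvir_config_capabilities_secmodel_get_model(secmodel), ==, expected[i++]);` using a local counter `i`, assuming the list keeps document order (it is built with `g_list_append`). `verify_host_caps` begins above this hunk.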
> diff --git a/libvirt-gconfig/tests/test-capabilities-parse.xml b/libvirt-gconfig/tests/test-capabilities-parse.xml
> index 9c76085..477e3fe 100644
> --- a/libvirt-gconfig/tests/test-capabilities-parse.xml
> +++ b/libvirt-gconfig/tests/test-capabilities-parse.xml
> @@ -40,6 +40,10 @@
>        <model>selinux</model>
>        <doi>0</doi>
>      </secmodel>
> +    <secmodel>
> +      <model>apparmor</model>
> +      <doi>0</doi>
> +    </secmodel>
>    </host>
>  
>    <guest>
> -- 
> 1.8.4.5
> 