[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] libxl: provide impl for nodeGetSecurityModel



On 15.05.2015 20:52, Jim Fehlig wrote:
> Currently, the libxl driver does not support any security drivers.
> When the qemu driver has no security driver configued,
> nodeGetSecurityModel succeeds but returns an empty virSecurityModel
> object.  Do the same in the libxl driver instead of reporting
> 
> this function is not supported by the connection driver:
> virNodeGetSecurityModel
> 
> Signed-off-by: Jim Fehlig <jfehlig suse com>
> ---
> 
> I was reminded of this today when looking through a libvirtd log.
> The system was running a test script that among other things
> called 'virsh dominfo'.  Each time dominfo was called, the log
> was spammed with "this function is not supported by the connection
> driver: virNodeGetSecurityModel".
> 
>  src/libxl/libxl_driver.c | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
> index 60c139e..d6b20ae 100644
> --- a/src/libxl/libxl_driver.c
> +++ b/src/libxl/libxl_driver.c
> @@ -5027,6 +5027,23 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain,
>      return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
>  }
>  
> +static int libxlNodeGetSecurityModel(virConnectPtr conn,
> +                                     virSecurityModelPtr secmodel)
> +{
> +    memset(secmodel, 0, sizeof(*secmodel));
> +
> +    if (virNodeGetSecurityModelEnsureACL(conn) < 0)
> +        return -1;
> +
> +    /*
> +     * Currently the libxl driver does not support security model.
> +     * Similar to the qemu driver, treat this as success and simply
> +     * return no data in secmodel.  Avoids spamming the libvirt log
> +     * with "this function is not supported by the connection driver:
> +     * virNodeGetSecurityModel"

Moreover, this behaviour is defined and documented in the API description:

 * Extract the security model of a hypervisor. The 'model' field
 * in the @secmodel argument may be initialized to the empty
 * string if the driver has not activated a security model.

Awesome.

> +     */
> +    return 0;
> +}
>  
>  static virHypervisorDriver libxlHypervisorDriver = {
>      .name = LIBXL_DRIVER_NAME,
> @@ -5122,6 +5139,7 @@ static virHypervisorDriver libxlHypervisorDriver = {
>      .domainMigratePerform3Params = libxlDomainMigratePerform3Params, /* 1.2.6 */
>      .domainMigrateFinish3Params = libxlDomainMigrateFinish3Params, /* 1.2.6 */
>      .domainMigrateConfirm3Params = libxlDomainMigrateConfirm3Params, /* 1.2.6 */
> +    .nodeGetSecurityModel = libxlNodeGetSecurityModel, /* 1.2.16 */
>  };
>  
>  static virConnectDriver libxlConnectDriver = {
> 

ACK

Michal


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]