]> xenbits.xensource.com Git - libvirt.git/commitdiff
virsh: Introduce 'dom-fd-associate' for invoking virDomainFDAssociate()
authorPeter Krempa <pkrempa@redhat.com>
Wed, 23 Mar 2022 09:12:50 +0000 (10:12 +0100)
committerPeter Krempa <pkrempa@redhat.com>
Mon, 9 Jan 2023 13:59:42 +0000 (14:59 +0100)
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
docs/manpages/virsh.rst
tools/virsh-domain.c

index c85bc8151d255a8fb953a6b45776b0ed75073ac7..88b7fa1da825088a944abf89fe974eeffc548f52 100644 (file)
@@ -5225,6 +5225,25 @@ If *--print-xml* is specified, the XML that would be used to change media is
 printed instead of changing the media.
 
 
+dom-fd-associate
+----------------
+
+**Syntax:**
+
+::
+
+    dom-fd-associate domain --name FDGROUPNAME --pass-fds M,N,....
+        [--seclabel-writable] [--seclabel-restore]
+
+Associate one or more fds described via *--pass-fds* argument to *domain* as
+*--name*. The lifetime of the passed fd group is the same as the connection, thus
+exitting virsh un-registers them afterwards.
+
+By default security labels are applied if needed but they are not restored after
+use to avoid keeping them open unnecessarily. Best-effort security label restore
+may be requested by using the *--seclabel-restore* flag.
+
+
 NODEDEV COMMANDS
 ================
 
index 3e94744c957d0948aec85980b2e80474ededde15..6b431bd1e5279e302ac451160ee2dc3348df17b1 100644 (file)
@@ -9817,6 +9817,76 @@ cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd)
     return ret;
 }
 
+
+/*
+ * "dom-fd-associate" command
+ */
+static const vshCmdInfo info_dom_fd_associate[] = {
+    {.name = "help",
+     .data = N_("associate a FD with a domain")
+    },
+    {.name = "desc",
+     .data = N_("associate a FD with a domain")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_dom_fd_associate[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = "name",
+     .type = VSH_OT_DATA,
+     .flags = VSH_OFLAG_REQ,
+     .completer = virshCompleteEmpty,
+     .help = N_("name of the FD group")
+    },
+    {.name = "pass-fds",
+     .type = VSH_OT_DATA,
+     .flags = VSH_OFLAG_REQ,
+     .completer = virshCompleteEmpty,
+     .help = N_("file descriptors N,M,... to associate")
+    },
+    {.name = "seclabel-writable",
+     .type = VSH_OT_BOOL,
+     .help = N_("use seclabels allowing writes")
+    },
+    {.name = "seclabel-restore",
+     .type = VSH_OT_BOOL,
+     .help = N_("try to restore security label after use if possible")
+    },
+    {.name = NULL}
+};
+
+static bool
+cmdDomFdAssociate(vshControl *ctl, const vshCmd *cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    const char *name = NULL;
+    unsigned int flags = 0;
+    g_autofree int *fds = NULL;
+    size_t nfds = 0;
+
+    if (vshCommandOptBool(cmd, "seclabel-writable"))
+        flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE;
+
+    if (vshCommandOptBool(cmd, "seclabel-restore"))
+        flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0)
+        return false;
+
+    if (virshFetchPassFdsList(ctl, cmd, &nfds, &fds) < 0)
+        return false;
+
+    if (virDomainFDAssociate(dom, name, nfds, fds, flags) < 0)
+        return false;
+
+    return true;
+}
+
+
 /*
  * "qemu-monitor-command" command
  */
@@ -14418,5 +14488,11 @@ const vshCmdDef domManagementCmds[] = {
      .info = info_domdirtyrate_calc,
      .flags = 0
     },
+    {.name = "dom-fd-associate",
+     .handler = cmdDomFdAssociate,
+     .opts = opts_dom_fd_associate,
+     .info = info_dom_fd_associate,
+     .flags = 0
+    },
     {.name = NULL}
 };