[libvirt] [PATCH v2 08/23] qemu-security: add qemuSecurityCommandRun()

marcandre.lureau@redhat.com posted 23 patches 6 years, 6 months ago
Posted by marcandre.lureau@redhat.com 6 years, 6 months ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Add a generic way to run a command through the security management.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
 src/qemu/qemu_security.h |  6 ++++++
 2 files changed, 28 insertions(+)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3cd6d9bd3d..f8b53e06b3 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
     virSecurityManagerTransactionAbort(driver->securityManager);
     return ret;
 }
+
+
+int
+qemuSecurityCommandRun(virQEMUDriverPtr driver,
+                       virDomainObjPtr vm,
+                       virCommandPtr cmd,
+                       int *exitstatus,
+                       int *cmdret)
+{
+    if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
+                                               vm->def, cmd) < 0)
+        return -1;
+
+    if (virSecurityManagerPreFork(driver->securityManager) < 0)
+        return -1;
+
+    *cmdret = virCommandRun(cmd, exitstatus);
+
+    virSecurityManagerPostFork(driver->securityManager);
+
+    return 0;
+}
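Review bot: in qemuSecurityCommandRun() the return value and *cmdret report two different failures, and nothing in the hunk says so. The function returns 0 after `*cmdret = virCommandRun(cmd, exitstatus);` even when virCommandRun() itself failed, so a caller that checks only the return value will treat a failed run as success. On the two early `return -1` paths neither *cmdret nor *exitstatus is written, so they hold whatever the caller left in them. Either fold the virCommandRun() result into the return value, or add a function comment stating that 0 only means labelling and pre-fork succeeded and that *cmdret must be checked separately.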
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 68e377f418..8cf4ab0721 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
                                        virDomainObjPtr vm,
                                        const char *savefile);
 
+int qemuSecurityCommandRun(virQEMUDriverPtr driver,
+                           virDomainObjPtr vm,
+                           virCommandPtr cmd,
+                           int *exitstatus,
+                           int *cmdret);
+
 /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
  * new APIs here. If an API can touch a file add a proper wrapper instead.
  */
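Review bot: the new prototype has an int return plus two int * out-parameters, exitstatus and cmdret, and no comment saying which of the three reports what. A short comment here or on the definition describing driver, vm, cmd and both out-parameters would let callers use the wrapper correctly without reading its body.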
-- 
2.23.0.rc1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 08/23] qemu-security: add qemuSecurityCommandRun()
Posted by Michal Privoznik 6 years, 5 months ago
On 8/8/19 4:54 PM, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> Add a generic way to run a command through the security management.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
>   src/qemu/qemu_security.h |  6 ++++++
>   2 files changed, 28 insertions(+)
> 
> diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
> index 3cd6d9bd3d..f8b53e06b3 100644
> --- a/src/qemu/qemu_security.c
> +++ b/src/qemu/qemu_security.c
> @@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
>       virSecurityManagerTransactionAbort(driver->securityManager);
>       return ret;
>   }
> +
> +
> +int
> +qemuSecurityCommandRun(virQEMUDriverPtr driver,
> +                       virDomainObjPtr vm,
> +                       virCommandPtr cmd,
> +                       int *exitstatus,
> +                       int *cmdret)
> +{
> +    if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
> +                                               vm->def, cmd) < 0)
> +        return -1;
> +
> +    if (virSecurityManagerPreFork(driver->securityManager) < 0)
> +        return -1;
> +
> +    *cmdret = virCommandRun(cmd, exitstatus);
> +
> +    virSecurityManagerPostFork(driver->securityManager);
> +
> +    return 0;
> +}
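Review bot: `*cmdret = virCommandRun(cmd, exitstatus);` writes through cmdret unconditionally, while exitstatus is only passed along. A caller that passes NULL for cmdret crashes here, after the child process label has already been set on cmd. State in the function comment that cmdret must be non-NULL, or guard the store.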
> diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
> index 68e377f418..8cf4ab0721 100644
> --- a/src/qemu/qemu_security.h
> +++ b/src/qemu/qemu_security.h
> @@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
>                                          virDomainObjPtr vm,
>                                          const char *savefile);
>   
> +int qemuSecurityCommandRun(virQEMUDriverPtr driver,
> +                           virDomainObjPtr vm,
> +                           virCommandPtr cmd,
> +                           int *exitstatus,
> +                           int *cmdret);
> +
>   /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
>    * new APIs here. If an API can touch a file add a proper wrapper instead.
>    */
> 

Since this is copied from qemuSecurityStartTPMEmulator() I'd expect some 
lines to be removed there. And also document what this function does and 
describe arguments.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal
