From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Fri, 10 Jan 2020 10:34:29 +0000
Message-Id: <20200110103430.3564679-6-berrange@redhat.com>
In-Reply-To: <20200110103430.3564679-1-berrange@redhat.com>
References: <20200110103430.3564679-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 5/6] secrets: add support for running secret driver in embedded mode

This enables support for running the secret driver embedded to the
calling application process using a URI:

  secret:///embed?root=/some/path

When using the embedded mode with a root=/var/tmp/embed, the driver
will use the following paths:

  configDir: /var/tmp/embed/etc/secrets
  stateDir:  /var/tmp/embed/run/secrets

These are identical whether the embedded driver is privileged or
unprivileged. This compares with the system instance which uses

  configDir: /etc/libvirt/secrets
  stateDir:  /var/lib/libvirt/secrets

When an embedded instance of the secret driver is open, any other
embedded drivers will automatically use the embedded secret driver.

Signed-off-by: Daniel P. Berrangé
---
 docs/drivers.html.in       |  1 +
 docs/drvsecret.html.in     | 82 ++++++++++++++++++++++++++++++++++++++
 src/secret/secret_driver.c | 58 ++++++++++++++++++++++-----
 3 files changed, 130 insertions(+), 11 deletions(-)
 create mode 100644 docs/drvsecret.html.in
diff --git a/docs/drivers.html.in b/docs/drivers.html.in index 8743301ebd..34f98f60b6 100644 --- a/docs/drivers.html.in +++ b/docs/drivers.html.in @@ -8,6 +8,7 @@
  • Hypervisor drivers
  • Storage drivers
  • Node device driver
  • +
  • Secret driver
  • =20

    diff --git a/docs/drvsecret.html.in b/docs/drvsecret.html.in new file mode 100644 index 0000000000..9a05fe1f09 --- /dev/null +++ b/docs/drvsecret.html.in @@ -0,0 +1,82 @@ + + + + +

    Secret information management

    + +

    + The secrets driver in libvirt provides a simple interface for + storing and retrieving secret information. +

    + +

    Connections to SECRET driver

    + +

    + The libvirt SECRET driver is a multi-instance driver, providing a sing= le + system wide privileged driver (the "system" instance), and per-user + unprivileged drivers (the "session" instance). A connection to the sec= ret + driver is automatically available when opening a connection to one of = the + stateful primary hypervisor drivers. It is none the less also possible= to + explicitly open just the secret driver, using the URI protocol "secret" + Some example connection URIs for the driver are: +

    + +
    +secret:///session                      (local access to per-user instance)
    +secret+unix:///session                 (local access to per-user instance)
    +
    +secret:///system                       (local access to system instance)
    +secret+unix:///system                  (local access to system instance)
    +secret://example.com/system            (remote access, TLS/x509)
    +secret+tcp://example.com/system        (remote access, SASl/Kerberos)
    +secret+ssh://root@example.com/system   (remote access, SSH tunnelled)
    +
    + +

    Embedded driver

    + +

    + Since 6.0.0 the secret driver has experimental support for operating + in an embedded mode. In this scenario, rather than connecting to + the libvirtd daemon, the secret driver runs in the client application + process directly. To open the driver in embedded mode the app use the + new URI path and specify a virtual root directory under which the + driver will create content. +

    + +
    +      secret:///embed?root=3D/some/dir
    +    
    + +

    + Under the specified root directory the following locations will + be used +

    + +
    +/some/dir
    +  |
    +  +- etc
    +  |   |
    +  |   +- secrets
    +  |
    +  +- run
    +      |
    +      +- secrets
    +    
    + +

    + The application is responsible for recursively purging the contents + of this directory tree once they no longer require a connection, + though it can also be left intact for reuse when opening a future + connection. +

    + +

    + The range of functionality is intended to be on a par with that + seen when using the traditional system or session libvirt connections + to QEMU. Normal practice would be to open the secret driver in embed= ded + mode any time one of the other drivers is opened in embedded mode so + that the two drivers can interact in-process. +

    + + diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index a31005c731..210a16c3d3 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -55,6 +55,8 @@ typedef virSecretDriverState *virSecretDriverStatePtr; struct _virSecretDriverState { virMutex lock; bool privileged; /* readonly */ + char *embeddedRoot; /* readonly */ + int embeddedRefs; virSecretObjListPtr secrets; char *stateDir; char *configDir; @@ -456,12 +458,6 @@ secretStateInitialize(bool privileged, virStateInhibitCallback callback G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED) { - if (root !=3D NULL) { - virReportError(VIR_ERR_INVALID_ARG, "%s", - _("Driver does not support embedded mode")); - return -1; - } - if (VIR_ALLOC(driver) < 0) return VIR_DRV_STATE_INIT_ERROR; =20 @@ -475,7 +471,11 @@ secretStateInitialize(bool privileged, driver->secretEventState =3D virObjectEventStateNew(); driver->privileged =3D privileged; =20 - if (privileged) { + if (root) { + driver->embeddedRoot =3D g_strdup(root); + driver->configDir =3D g_strdup_printf("%s/etc/secrets", root); + driver->stateDir =3D g_strdup_printf("%s/run/secrets", root); + } else if (privileged) { driver->configDir =3D g_strdup_printf("%s/libvirt/secrets", SYSCON= FDIR); driver->stateDir =3D g_strdup_printf("%s/libvirt/secrets", RUNSTAT= EDIR); } else { 
@@ -550,19 +550,54 @@ secretConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } =20 - if (!virConnectValidateURIPath(conn->uri->path, - "secret", - driver->privileged)) - return VIR_DRV_OPEN_ERROR; + if (driver->embeddedRoot) { + const char *root =3D virURIGetParam(conn->uri, "root"); + if (!root) + return VIR_DRV_OPEN_ERROR; + + if (STRNEQ(conn->uri->path, "/embed")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("URI must be secret:///embed")); + return VIR_DRV_OPEN_ERROR; + } + + if (STRNEQ(root, driver->embeddedRoot)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot open embedded driver at path '%s', " + "already open with path '%s'"), + root, driver->embeddedRoot); + return VIR_DRV_OPEN_ERROR; + } + } else { + if (!virConnectValidateURIPath(conn->uri->path, + "secret", + driver->privileged)) + return VIR_DRV_OPEN_ERROR; + } =20 if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; =20 + if (driver->embeddedRoot) { + secretDriverLock(); + if (driver->embeddedRefs =3D=3D 0) + virSetConnectSecret(conn); + driver->embeddedRefs++; + secretDriverUnlock(); + } + return VIR_DRV_OPEN_SUCCESS; } =20 static int secretConnectClose(virConnectPtr conn G_GNUC_UNUSED) { + if (driver->embeddedRoot) { + secretDriverLock(); + driver->embeddedRefs--; + if (driver->embeddedRefs =3D=3D 0) + virSetConnectSecret(NULL); + secretDriverUnlock(); + } return 0; } =20 @@ -655,6 +690,7 @@ static virHypervisorDriver secretHypervisorDriver =3D { static virConnectDriver secretConnectDriver =3D { .localOnly =3D true, .uriSchemes =3D (const char *[]){ "secret", NULL }, + .embeddable =3D true, .hypervisorDriver =3D &secretHypervisorDriver, .secretDriver =3D &secretDriver, }; --=20 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
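Review bot: the new docs/drvsecret.html.in page has a few wording slips: "SASl/Kerberos" should read "SASL/Kerberos", the sentence ending 'using the URI protocol "secret"' is missing its full stop, "none the less" is one word, and "the app use the new URI path" should be "the app uses the new URI path". In the "Embedded driver" section, the paragraph describing the /some/dir layout should also tell applications that secret values end up under the run/secrets directory of the root they choose, so the root must be a directory private to the application (the commit message's /var/tmp/embed example is a shared location) and purging it afterwards is a security step, not just housekeeping; the current text only says the app "is responsible for recursively purging the contents of this directory tree".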
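Review bot: in the secretStateInitialize hunk, driver->embeddedRoot is allocated with g_strdup(root) but no hunk in this patch releases it, so the string leaks when the driver state is torn down; add a g_free(driver->embeddedRoot) where configDir and stateDir are released in the driver cleanup path.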
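Review bot: in the secretConnectOpen hunk, VIR_ERR_INTERNAL_ERROR is used for both the "URI must be secret:///embed" and the "already open with path" cases, yet both are caller-supplied URI problems rather than driver faults; VIR_ERR_INVALID_ARG, which the removed check in secretStateInitialize used for the same situation, fits better. Two smaller points in the same hunk: the `if (!root) return VIR_DRV_OPEN_ERROR;` path reports nothing itself, so please confirm virURIGetParam raises the error for a missing parameter, otherwise the caller gets a silent open failure; and `STRNEQ(root, driver->embeddedRoot)` is a byte-exact comparison, so "/some/dir" and "/some/dir/" are treated as different roots and the second open is rejected as already open elsewhere, which is worth either canonicalizing or documenting.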