From nobody Tue Feb 10 05:17:46 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1630585830365132.8615987582624; Thu, 2 Sep 2021 05:30:30 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-53-zpN4cR2MMmaagr4MhoEyqQ-1; Thu, 02 Sep 2021 08:30:27 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D8E2784A5E3; Thu, 2 Sep 2021 12:30:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BC2E5179B3; Thu, 2 Sep 2021 12:30:20 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6DE2A44A5F; Thu, 2 Sep 2021 12:30:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 182CTscH029182 for ; Thu, 2 Sep 2021 08:29:54 -0400 Received: by smtp.corp.redhat.com (Postfix) id F04421017CD5; Thu, 2 Sep 2021 12:29:53 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EAE7B1017CD0 for ; Thu, 2 Sep 2021 12:29:51 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 27930800963 for ; Thu, 2 Sep 2021 12:29:51 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-422-2uYS3jLqM7WtwQ0DbDcyig-1; Thu, 02 Sep 2021 08:29:49 -0400 Received: by mail-pg1-f181.google.com with SMTP id k24so1740066pgh.8 for ; Thu, 02 Sep 2021 05:29:49 -0700 (PDT) Received: from localhost ([38.94.109.214]) by smtp.gmail.com with ESMTPSA id ch19sm2449006pjb.33.2021.09.02.05.29.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 05:29:47 -0700 (PDT) X-MC-Unique: zpN4cR2MMmaagr4MhoEyqQ-1 X-MC-Unique: 2uYS3jLqM7WtwQ0DbDcyig-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=A+ZxQqmOU0x3olhoWGiYW8ysRPs2BawHGMr9evnEHh0=; b=qSHfXP3jq5zU2IOfHUfZB6d59NgyRYLQDP5h0pZtwqaZg5LjxxGNj1xBin/TAXeDF0 Wcij/58FbHxMkmPW8wJuMrFrDICgoLesrx28rzlbECWI/fxfpyx4e76Uri9VA2fhI4zl 31s/KE+5Da5W/VPiDvfFM0rUkUFP2eMH4NCEDTYgIkws6xVS/km/nP9FFlTy2dEy5fpp MEKlApGNO7cR6Y5OC3Wml8R/U1Y1G8RZHK8hnffaVCDWEYAqXMDTwcggpo7JlkPduO7T bUY399j3u8in9cLDPCiBsYQKNhuRmrZ7YX/Uzi52FArMH1OH/vYZcbnnYIYRKAn3Y7rQ R4Iw== X-Gm-Message-State: AOAM530sKGMPM1OBKIj+VsGk6z+9Gdj6c7cAV4Iojl1Yz+zywxlvtYFz mt5S20J0XXwLZkorVaysehDpr0QdpjUEqBXu5G4= X-Google-Smtp-Source: ABdhPJwe7AEsGFFjcUFlxiHRAEL0a31F6lpZAqKw0lGzffmpRjRax0p1BZBqEv4A6IK/IPw7ajOiMw== X-Received: by 2002:a62:6384:0:b0:3eb:13e7:18c with SMTP id x126-20020a626384000000b003eb13e7018cmr3203854pfb.73.1630585788033; Thu, 02 Sep 2021 05:29:48 -0700 (PDT) From: Luke Yue To: libvir-list@redhat.com Subject: [PATCH 2/3] virsh: Add '--full-seclabels' option for dominfo Date: Thu, 2 Sep 2021 20:29:35 +0800 Message-Id: <20210902122936.57399-3-lukedyue@gmail.com> In-Reply-To: <20210902122936.57399-1-lukedyue@gmail.com> References: <20210902122936.57399-1-lukedyue@gmail.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1630585831756100001 Content-Type: text/plain; charset="utf-8" There is no virsh command uses virDomainGetSecurityLabelList API, so add an option for dominfo to call it and print full list of security labels. Also realign some outputs as it's now "Security labels:" instead of "Security label:". Signed-off-by: Luke Yue --- docs/manpages/virsh.rst | 5 +- tests/virsh-undefine | 8 ++-- tests/virshtest.c | 70 ++++++++++++++-------------- tools/virsh-domain-monitor.c | 89 ++++++++++++++++++++++++------------ 4 files changed, 101 insertions(+), 71 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 2204bed3bb..183033049d 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -2008,9 +2008,10 @@ dominfo =20 :: =20 - dominfo domain + dominfo domain [--full-seclabels] =20 -Returns basic information about the domain. +Returns basic information about the domain. *--full-seclabels* tells virsh +to print full list of security labels. =20 =20 domjobabort diff --git a/tests/virsh-undefine b/tests/virsh-undefine index dbbb367391..7feefdec79 100755 --- a/tests/virsh-undefine +++ b/tests/virsh-undefine @@ -35,11 +35,11 @@ $abs_top_builddir/tools/virsh -c test:///default \ test $? =3D 0 || fail=3D1 sed '/^Persistent/n; /:/d' < out1 > out cat <<\EOF > exp || fail=3D1 -Persistent: yes +Persistent: yes =20 Domain 'test' has been undefined =20 -Persistent: no +Persistent: no =20 EOF compare exp out || fail=3D1 @@ -50,11 +50,11 @@ $abs_top_builddir/tools/virsh -c test:///default \ test $? =3D 0 || fail=3D1 sed '/^Persistent/n; /:/d' < out1 > out cat <<\EOF > exp || fail=3D1 -Persistent: yes +Persistent: yes =20 Domain '1' has been undefined =20 -Persistent: no +Persistent: no =20 EOF compare exp out || fail=3D1 diff --git a/tests/virshtest.c b/tests/virshtest.c index 87da1f5889..0d703f3765 100644 --- a/tests/virshtest.c +++ b/tests/virshtest.c @@ -25,51 +25,51 @@ main(void) # define SECURITY_LABEL "libvirt-test (enforcing)" # define FC4_MESSAGES "tainted: network configuration using opaque shell s= cripts" # define FC5_MESSAGES "tainted: running with undesirable elevated privileg= es\n\ - tainted: network configuration using opaque shell scripts\= n\ - tainted: use of host cdrom passthrough\n\ - tainted: custom device tree blob used\n\ - tainted: use of deprecated configuration settings\n\ - deprecated configuration: CPU model Deprecated-Test" + tainted: network configuration using opaque shell scripts= \n\ + tainted: use of host cdrom passthrough\n\ + tainted: custom device tree blob used\n\ + tainted: use of deprecated configuration settings\n\ + deprecated configuration: CPU model Deprecated-Test" # define GET_BLKIO_PARAMETER "/dev/hda,700" # define SET_BLKIO_PARAMETER "/dev/hda,1000" =20 static const char *dominfo_fc4 =3D "\ -Id: 2\n\ -Name: fc4\n\ -UUID: " DOM_FC4_UUID "\n\ -OS Type: linux\n\ -State: running\n\ -CPU(s): 1\n\ -Max memory: 261072 KiB\n\ -Used memory: 131072 KiB\n\ -Persistent: yes\n\ -Autostart: disable\n\ -Managed save: no\n\ -Security model: testSecurity\n\ -Security DOI: \n\ -Security label: " SECURITY_LABEL "\n\ -Messages: " FC4_MESSAGES "\n\ +Id: 2\n\ +Name: fc4\n\ +UUID: " DOM_FC4_UUID "\n\ +OS Type: linux\n\ +State: running\n\ +CPU(s): 1\n\ +Max memory: 261072 KiB\n\ +Used memory: 131072 KiB\n\ +Persistent: yes\n\ +Autostart: disable\n\ +Managed save: no\n\ +Security model: testSecurity\n\ +Security DOI: \n\ +Security labels: " SECURITY_LABEL "\n\ +Messages: " FC4_MESSAGES "\n\ \n"; static const char *domuuid_fc4 =3D DOM_FC4_UUID "\n\n"; static const char *domid_fc4 =3D "2\n\n"; static const char *domname_fc4 =3D "fc4\n\n"; static const char *domstate_fc4 =3D "running\n\n"; static const char *dominfo_fc5 =3D "\ -Id: 3\n\ -Name: fc5\n\ -UUID: " DOM_FC5_UUID "\n\ -OS Type: linux\n\ -State: running\n\ -CPU(s): 4\n\ -Max memory: 2097152 KiB\n\ -Used memory: 2097152 KiB\n\ -Persistent: yes\n\ -Autostart: disable\n\ -Managed save: no\n\ -Security model: testSecurity\n\ -Security DOI: \n\ -Security label: " SECURITY_LABEL "\n\ -Messages: " FC5_MESSAGES "\n\ +Id: 3\n\ +Name: fc5\n\ +UUID: " DOM_FC5_UUID "\n\ +OS Type: linux\n\ +State: running\n\ +CPU(s): 4\n\ +Max memory: 2097152 KiB\n\ +Used memory: 2097152 KiB\n\ +Persistent: yes\n\ +Autostart: disable\n\ +Managed save: no\n\ +Security model: testSecurity\n\ +Security DOI: \n\ +Security labels: " SECURITY_LABEL "\n\ +Messages: " FC5_MESSAGES "\n\ \n"; =20 static const char *get_blkio_parameters =3D "\ diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index f7cf82acdf..2b2746e713 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -1202,6 +1202,10 @@ static const vshCmdInfo info_dominfo[] =3D { =20 static const vshCmdOptDef opts_dominfo[] =3D { VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D "full-seclabels", + .type =3D VSH_OT_BOOL, + .help =3D N_("Show full list of security labels of a domain") + }, {.name =3D NULL} }; =20 @@ -1221,45 +1225,46 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd) int has_managed_save =3D 0; virshControl *priv =3D ctl->privData; g_auto(GStrv) messages =3D NULL; + bool fullseclabels =3D vshCommandOptBool(cmd, "full-seclabels"); =20 if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) return false; =20 id =3D virDomainGetID(dom); if (id =3D=3D ((unsigned int)-1)) - vshPrint(ctl, "%-15s %s\n", _("Id:"), "-"); + vshPrint(ctl, "%-16s %s\n", _("Id:"), "-"); else - vshPrint(ctl, "%-15s %d\n", _("Id:"), id); - vshPrint(ctl, "%-15s %s\n", _("Name:"), virDomainGetName(dom)); + vshPrint(ctl, "%-16s %d\n", _("Id:"), id); + vshPrint(ctl, "%-16s %s\n", _("Name:"), virDomainGetName(dom)); =20 if (virDomainGetUUIDString(dom, &uuid[0]) =3D=3D 0) - vshPrint(ctl, "%-15s %s\n", _("UUID:"), uuid); + vshPrint(ctl, "%-16s %s\n", _("UUID:"), uuid); =20 if ((ostype =3D virDomainGetOSType(dom))) - vshPrint(ctl, "%-15s %s\n", _("OS Type:"), ostype); + vshPrint(ctl, "%-16s %s\n", _("OS Type:"), ostype); =20 if (virDomainGetInfo(dom, &info) =3D=3D 0) { - vshPrint(ctl, "%-15s %s\n", _("State:"), + vshPrint(ctl, "%-16s %s\n", _("State:"), virshDomainStateToString(info.state)); =20 - vshPrint(ctl, "%-15s %d\n", _("CPU(s):"), info.nrVirtCpu); + vshPrint(ctl, "%-16s %d\n", _("CPU(s):"), info.nrVirtCpu); =20 if (info.cpuTime !=3D 0) { double cpuUsed =3D info.cpuTime; =20 cpuUsed /=3D 1000000000.0; =20 - vshPrint(ctl, "%-15s %.1lfs\n", _("CPU time:"), cpuUsed); + vshPrint(ctl, "%-16s %.1lfs\n", _("CPU time:"), cpuUsed); } =20 if (info.maxMem !=3D UINT_MAX) - vshPrint(ctl, "%-15s %lu KiB\n", _("Max memory:"), + vshPrint(ctl, "%-16s %lu KiB\n", _("Max memory:"), info.maxMem); else - vshPrint(ctl, "%-15s %s\n", _("Max memory:"), + vshPrint(ctl, "%-16s %s\n", _("Max memory:"), _("no limit")); =20 - vshPrint(ctl, "%-15s %lu KiB\n", _("Used memory:"), + vshPrint(ctl, "%-16s %lu KiB\n", _("Used memory:"), info.memory); =20 } else { @@ -1271,21 +1276,21 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd) vshDebug(ctl, VSH_ERR_DEBUG, "Domain persistent flag value: %d\n", persistent); if (persistent < 0) - vshPrint(ctl, "%-15s %s\n", _("Persistent:"), _("unknown")); + vshPrint(ctl, "%-16s %s\n", _("Persistent:"), _("unknown")); else - vshPrint(ctl, "%-15s %s\n", _("Persistent:"), persistent ? _("yes"= ) : _("no")); + vshPrint(ctl, "%-16s %s\n", _("Persistent:"), persistent ? _("yes"= ) : _("no")); =20 /* Check and display whether the domain autostarts or not */ if (!virDomainGetAutostart(dom, &autostart)) { - vshPrint(ctl, "%-15s %s\n", _("Autostart:"), + vshPrint(ctl, "%-16s %s\n", _("Autostart:"), autostart ? _("enable") : _("disable")); } =20 has_managed_save =3D virDomainHasManagedSaveImage(dom, 0); if (has_managed_save < 0) - vshPrint(ctl, "%-15s %s\n", _("Managed save:"), _("unknown")); + vshPrint(ctl, "%-16s %s\n", _("Managed save:"), _("unknown")); else - vshPrint(ctl, "%-15s %s\n", _("Managed save:"), + vshPrint(ctl, "%-16s %s\n", _("Managed save:"), has_managed_save ? _("yes") : _("no")); =20 /* Security model and label information */ @@ -1299,29 +1304,53 @@ cmdDominfo(vshControl *ctl, const vshCmd *cmd) } else { /* Only print something if a security model is active */ if (secmodel.model[0] !=3D '\0') { - vshPrint(ctl, "%-15s %s\n", _("Security model:"), secmodel.mod= el); - vshPrint(ctl, "%-15s %s\n", _("Security DOI:"), secmodel.doi); - - /* Security labels are only valid for active domains */ - seclabel =3D g_new0(virSecurityLabel, 1); + vshPrint(ctl, "%-16s %s\n", _("Security model:"), secmodel.mod= el); + vshPrint(ctl, "%-16s %s\n", _("Security DOI:"), secmodel.doi); + + if (fullseclabels) { + int len; + size_t i; + + if ((len =3D virDomainGetSecurityLabelList(dom, &seclabel)= ) < 0) { + g_clear_pointer(&(seclabel), g_free); + return false; + } else { + for (i =3D 0; i < len; i++) + if (seclabel[i].label[0] !=3D '\0') + vshPrint(ctl, "%-16s %s (%s)\n", + i =3D=3D 0 ? _("Security labels:") : = "", + seclabel[i].label, + seclabel[i].enforcing ? + "enforcing" : + "permissive"); + } =20 - if (virDomainGetSecurityLabel(dom, seclabel) =3D=3D -1) { - VIR_FREE(seclabel); - return false; + g_clear_pointer(&seclabel, g_free); } else { - if (seclabel->label[0] !=3D '\0') - vshPrint(ctl, "%-15s %s (%s)\n", _("Security label:"), - seclabel->label, seclabel->enforcing ? "enfor= cing" : "permissive"); - } + /* Security labels are only valid for active domains */ + seclabel =3D g_new0(virSecurityLabel, 1); + + if (virDomainGetSecurityLabel(dom, seclabel) =3D=3D -1) { + g_clear_pointer(&seclabel, g_free); + return false; + } else { + if (seclabel->label[0] !=3D '\0') + vshPrint(ctl, "%-16s %s (%s)\n", _("Security label= s:"), + seclabel->label, + seclabel->enforcing ? + "enforcing" : + "permissive"); + } =20 - VIR_FREE(seclabel); + g_clear_pointer(&seclabel, g_free); + } } } =20 if (virDomainGetMessages(dom, &messages, 0) > 0) { size_t i; for (i =3D 0; messages[i] !=3D NULL; i++) { - vshPrint(ctl, "%-15s %s\n", + vshPrint(ctl, "%-16s %s\n", i =3D=3D 0 ? _("Messages:") : "", messages[i]); } } --=20 2.33.0